Email OTP Two-Factor Authentication (2FA) | Secure Login & Signup
by ADream Innovations https://adreaminnovations.odoo.comEmail OTP Two-Factor Authentication (2FA)
Protect user logins and signups with cryptographically secure, time-limited One-Time Passwords (OTP) sent directly to their email, preventing unauthorized access and brute-force attacks.
Secure your Odoo instance from unauthorized access and credential leaks
Traditional login methods relying solely on passwords are highly vulnerable to credential stuffing, brute-force attacks, and password leaks. If a user's password is compromised, attackers can easily gain access to sensitive company data, customer records, and financial transactions.
The **Email OTP Two-Factor Authentication** module adds an essential layer of security to your Odoo environment. Upon entering correct credentials, the module intercepts the login process and generates a cryptographically secure 6-digit OTP code, sending it to the user's verified email.
With this multi-factor authentication (MFA) workflow, even if an attacker acquires a password, they cannot gain entry without access to the user's email inbox, significantly mitigating the risk of data breaches.
Multi-Step Verification Workflows
- Secure Portal Signups: Verify customer and portal user identities at registration, ensuring only active, valid emails can create accounts.
- Staff Login Safeguard: Enforce two-factor verification for internal company users to protect corporate administrative dashboards.
- Brute-Force Lockout: Automatically lock verification records after 5 failed attempts, thwarting automated login cracks.
- Automated Data Cleanups: Uses daily background cron jobs to delete processed or expired OTP codes, keeping your database clean.
Key Module Capabilities
Enforce robust, seamless multi-factor authentication with native Odoo-styled frontend interfaces.
Two-Factor Login Protection
Intercepts standard logins to request verification via a 6-digit email OTP after correct password validation.
Verified User Registrations
Enforces email validation on the signup form, preventing spam and verifying email ownership during account creation.
HMAC & Fernet Cryptography
Protects sensitive login credentials between login steps using HMAC signatures and Fernet symmetric encryption.
Brute-Force Lockout Safety
Defends against code guessing by locking OTP verification records after 5 failed verification attempts.
2-Minute Expiration Window
Limits the vulnerability window by expiring generated OTP codes after 2 minutes of inactivity.
Audit Logs for Administrators
Enables compliance auditing with a dedicated backend view tracking OTP emails, states, and login attempts.
Behind-The-Scenes Cryptographic Logic
The module runs safe validation steps to make sure all login attempts match robust security standards:
- Secure Payload Encapsulation: Encrypts plaintext passwords during the two-step authentication using Fernet URL-safe symmetric encryption.
- HMAC Signature Verification: Signs temporary login tokens with the database secret via SHA-256 to prevent client-side tampering or injection.
- Cryptographic Random Generation: Generates 6-digit numeric OTP codes utilizing Python's secure
secretslibrary instead of standard pseudorandom generators.
Centralized Security Audits
Administrators can monitor and audit authentication events directly from Odoo settings:
- OTP Audit Log: A dedicated menu under Users allows administrators to monitor email addresses, verification states (Verified, Locked, Expired), and attempt counts.
- Masked Email Display: Obfuscates recipient email addresses on the verification screen to protect user privacy (e.g.,
a***z@domain.com). - Automatic Database Cleanup: Runs a scheduled daily cron job to prune old verification history and clean expired database records.
Interface Preview
2FA Login Verification
Secure login form requesting the 6-digit OTP code sent to the masked email address, with quick links to resend the code.
Verified Registration
Validates the user's email ownership directly on signup by requiring a one-time verification code before account setup.
Admin Audit Logging
A dedicated backend list view displaying all verification records, states, creation timestamps, and failure attempts.
Quick Setup Guide
1. Install
Add the OTP Login module to your custom Odoo addons folder, update the app list, and click install.
2. Outgoing Mail
Ensure Odoo's Outgoing Mail Servers are properly configured to send OTP emails to your users without delay.
3. Enforce 2FA
The module automatically applies 2FA protection to all standard login and signup attempts instantly.
4. Audit Settings
Navigate to Settings > Users & Companies > OTP Verification to view active codes, verify logs, or run cleanups.
Need custom Odoo security configuration or development support?
ADream Innovations provides premium consulting, engineering, and support services for Odoo environments. We help organizations optimize their operations through custom Odoo Development, targeted Odoo Customization, and end-to-end Odoo Implementation setups. Our team integrates systems via custom API Integrations and automates routine workflows.
If you need an expert ERP Consulting partner to audit your security policies or require reliable, Long-Term Odoo Support, contact us today to discuss how we can assist.
Developed by ADream Innovations under standard LGPL-3 licensing. For software updates, bug reports, or consulting inquiries, contact us.
Email: info@adream-innovation.odoo.com
Website: https://adreaminnovations.odoo.com
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
Discuss (mail)
|
| Lines of code | 766 |
| Technical Name |
ad_otp_login |
| License | LGPL-3 |
| Website | https://adreaminnovations.odoo.com |
Please log in to comment on this module