Great question! Adding MFA (Multi-Factor Authentication) to a Laravel project is an excellent step for improving security. Here’s a clear step-by-step guide:
✅ Step 1: Use Laravel Breeze, Jetstream, or Fortify
Laravel itself doesn’t have MFA in the core, but Jetstream and Fortify offer built-in MFA with Time-based One-Time Password (TOTP) apps (like Google Authenticator, Authy).
Option 1: Add with Laravel Jetstream (Recommended for new projects)
- Install Jetstream:
composer require laravel/jetstream - Install Jetstream scaffolding (choose Livewire or Inertia):
php artisan jetstream:install livewire # or php artisan jetstream:install inertia - Run migrations:
php artisan migrate - Compile assets:
npm install && npm run dev - Go to your profile page → you’ll see Two Factor Authentication management.
Option 2: Add with Laravel Fortify (For backend API or custom frontend)
- Install Fortify:
composer require laravel/fortify - Publish Fortify config:
php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider" - Enable features in
config/fortify.php:'features' => [ Features::twoFactorAuthentication(), ], - Run migrations:
php artisan migrate - Set up your own routes/views to handle:
- enabling 2FA
- showing QR code
- confirming one-time codes
✅ Step 3: Install a TOTP App (Google Authenticator, Authy)
- When a user enables MFA in their profile, they scan a QR code.
- Your app generates and verifies the TOTP codes using
pragmarx/google2fa-laravel(used behind the scenes by Jetstream/Fortify).
✅ Step 4: Secure routes
To secure sensitive routes, use middleware like:
Route::middleware(['auth', '2fa'])->group(function () {
// sensitive routes here
});
📦 Bonus: Third-party package option
If you want to add MFA without Jetstream or Fortify, you can directly use:
These packages let you build custom 2FA logic.
🔒 Summary
| Approach | Best for |
|---|---|
| Laravel Jetstream | New projects needing ready UI |
| Laravel Fortify | API/backend + custom frontend |
| Google2FA package | Existing projects, manual setup |
If you tell me which Laravel stack you’re using (Breeze, Jetstream, Fortify, Inertia, Livewire), I can give you exact installation steps — want me to write that out for you? 🚀
Leave a Reply