Web security depends on following boring ole’ best practices, like keeping your software up-to-date. This makes it fairly dull, unlike Hollywood portrayals of IT security. However, if disaster strikes, you need a plan in place to fix things, fast.
With security breaches proliferating in recent years, it’s more important than ever to protect your users and applications by implementing Two-Factor Authentication (2FA) which was developed to protect accounts and devices by adding security verification to the login process.
Out of the box, Drupal does a good job of providing securely written code. However, Drupal doesn't enforce strong passwords by default which can lead to a scenario that is not too hard to imagine.