How to Set Up Magento Two Factor Authentication on an Ecommerce Store

October 22, 2018


The Magento admin is the area that provides access to everything, including your store data, orders, customer data, and more. Even if you have a strong password, it is still possible for someone to steal your credentials when you access your Magento account. So how do you increase the security of your Magento ecommerce store admin panel? The Magento Two Factor Authentication (2FA) extension is one way to add another security layer to your Magento store.

Magento Two Factor Authentication (2FA) gives you an opportunity to protect the Magento store from hackers, keyloggers, unauthorized logins, data sniffing tools, and other threats. By using the password together with a security code from your smartphone, you can easily enhance your Magento admin security. Also, keep in mind that the code should only be shared with users who are authorized to access the Magento admin panel.

Let’s start with setting up Magento 2FA. I am assuming that you have an active installation of a Magento 2 store and that you also have access to the server via SSH, because, at this time, you install the Magento 2FA module through the command line.

How to Install Magento Two Factor Authentication Module

Connect to your server through an SSH terminal and navigate to the root directory of your Magento 2 store. Now, run the following composer command to install Magento Two Factor Authentication:

composer require msp/twofactorauth:3.0.0

How to Enable Magento Two Factor Authentication Module

Once you have installed the Magento Two Factor Authentication module, you will need to run the following commands to enable it:

php bin/magento module:enable --all

php bin/magento setup:upgrade

Once done, purge the Magento 2 cache by running the following commands just to be on the safe side:

php bin/magento cache:clean

php bin/magento cache:flush

You have successfully installed and enabled the Magento 2FA module. Let’s configure it now.

Configuring Magento Two Factor Authentication

There are four types of authenticators that you can configure for your Magento 2 store:

  • Google Authenticator
  • U2F Devices (YubiKey and others)
  • Duo Security
  • Authy

It is compulsory to choose at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.

However, I would recommend installing only one authenticator for the Magento 2 admin panel, because if you select multiple authenticators, you will have to enter a token for each one separately.

Configure Google Authenticator with Magento 2FA Plugin

I am going to configure Google Authenticator. However, you can use any of the authenticators mentioned above that fit your requirements.

Now, log in to your Magento 2 admin panel and tap STORES > Configuration from the sidebar.

On the left panel, expand Security and tap 2FA.

Expand the General section on the right side, select Yes to enable Magento Two Factor Auth, and choose Google Authenticator in the Force providers option.

Now, expand the Google Authenticator section and select Yes to enable it. In the Enable “trust this device” option, you will have two choices.

  • If you want the user not to enter the authentication code for every login per device, select Yes.
  • If you want to force the user to enter the authentication code on every login and device, select No.

The configuration of Google Authenticator for Magento 2FA is now complete. Tap the Save Config button to save all the changes you made.

Testing Magento Two Factor Authentication

Now, install the Google Authenticator app on your smartphone or other mobile device. You can download Google Authenticator from the Google Play Store or the iOS App Store.

Try logging out and then back into the Magento 2 admin panel with your username and password. On the login attempt, the Magento Two Factor Authentication module will display a QR code.

Scan the QR code using the Google Authenticator app on your mobile device and enter the code to confirm access to your Magento 2 admin panel.

Final Thoughts

Magento Two Factor Authentication is highly secure & straightforward. Rather than relying on a password alone, which anyone can crack or guess or phish easily, you can secure your store with the Magento 2FA. It adds another security layer to your Magento 2 admin panel and protects your store’s admin panel from unauthorized access.

If you still find it difficult to install or configure the Magento Two Factor Authentication module on your ecommerce store, feel free to drop your query in the comment box, and I will get back to you as soon as possible.

Fayyaz Khattak

Fayyaz is a Magento Community Manager at Cloudways - A Managed Magento Hosting Platform. His objective is to learn & share about PHP & Magento Development in Community. Fayyaz is a food lover and enjoys driving. You can email him at m.fayyaz@cloudways.com
