The Magento admin is the area that provides access to everything in your store, including store data, orders, customer data, and more. Even if you have a strong, secure password, someone can still steal your credentials when you access your Magento account. But how do you increase the security of your Magento ecommerce store admin panel? The Magento Two Factor Authentication (2FA) extension is one way to add another security layer to your Magento store.
Magento Two Factor Authentication (2FA) helps protect your Magento store from hackers, keyloggers, unauthorized logins, data sniffing tools, and other threats. By combining your password with a security code from your smartphone, you can easily enhance your Magento admin security. Also, keep in mind that the code should only be shared with users who are authorized to access the Magento admin panel.
Let’s start with setting up the Magento 2FA. I am assuming that you have an active installation of a Magento 2 store and that you also have access to the server via SSH, because, at this time, you install the Magento 2FA module through the command line.
How to Install Magento Two Factor Authentication Module
Connect your server through the SSH Terminal and navigate to the root directory of your Magento 2 store. Now, run the following composer command to install Magento Two Factor Authentication:
composer require msp/twofactorauth:3.0.0
How to Enable Magento Two Factor Authentication Module
Once you have installed the Magento Two Factor Authentication module, you will need to run the following commands to enable it:
php bin/magento module:enable --all
php bin/magento setup:upgrade
Once done, purge the Magento 2 cache by running the following commands just to be on the safe side:
php bin/magento cache:clean
php bin/magento cache:flush
You have successfully installed and enabled the Magento 2FA module. Let’s configure it now.
Configuring Magento Two Factor Authentication
There are four types of authenticators that you can configure for your Magento 2 store:
- Google Authenticator
- U2F Devices (YubiKey and others)
- Duo Security
- Authy
It is compulsory to choose at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.
However, I would recommend enabling only one authenticator for the Magento 2 admin panel, because if you select multiple authenticators, you will have to enter a token for each one separately.
Configure Google Authenticator with Magento 2FA Plugin
I am going to configure Google Authenticator. However, you can use any of the authenticators mentioned above that fit your requirements.
Now, log in to your Magento 2 admin panel and tap STORES > Configuration from the sidebar.
On the left panel, expand Security and tap 2FA.
Expand the General section on the right side, select Yes to enable Magento Two Factor Auth, and choose Google Authenticator in the Force providers option.
Now, expand the Google Authenticator section and select Yes to enable it. In the Enable “trust this device” option, you will have two choices.
- If you do not want the user to enter the authentication code on every login from the same device, select Yes.
- If you want to force the user to enter the authentication code on every login and device, select No.
The configuration of Google Authenticator for Magento 2FA is now complete. Tap the Save Config button to save all the changes you made.
Testing Magento Two Factor Authentication
Now, install the Google Authenticator app on your smartphone or other mobile device. You can download Google Authenticator from the Google Play Store or the iOS App Store.
Try logging out and then back into the Magento 2 admin panel with your username and password. On the login attempt, the Magento Two Factor Authentication module will display a QR code.
Scan the QR code using the Google Authenticator app on your mobile device and enter the code to confirm access to your Magento 2 admin panel.
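What the QR code enrolls and how the six-digit code is checked, shown as an added example that is not code from this post or from the Magento module. It assumes the standard Google Authenticator TOTP defaults (HMAC-SHA1, 30-second step, 6 digits); the function names are hypothetical and the sample URI is constructed from the RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Constructed sample of the otpauth:// URI a TOTP enrollment QR code encodes.
# The secret is base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_URI = ("otpauth://totp/Magento:admin"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Magento")

def secret_from_uri(uri: str) -> str:
    """Extract the shared secret from a TOTP provisioning URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    return parse_qs(parsed.query)["secret"][0]

def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, now: float, step: int = 30) -> str:
    """RFC 6238: the HOTP counter is the number of elapsed time steps."""
    return hotp(secret_b32, int(now) // step)

def verify(secret_b32: str, submitted: str, now: float,
           window: int = 1, step: int = 30) -> bool:
    """Accept the current step +/- window to tolerate clock drift.
    Every candidate is compared in constant time."""
    counter = int(now) // step
    ok = False
    for delta in range(-window, window + 1):
        candidate = hotp(secret_b32, counter + delta)
        ok |= hmac.compare_digest(candidate, submitted)
    return ok

if __name__ == "__main__":
    secret = secret_from_uri(SAMPLE_URI)
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("one step later:", verify(secret, code, 89))
    print("three steps later:", verify(secret, code, 149))
```

Anyone who obtains the secret inside the QR code can generate valid codes, so treat the enrollment screen like a password and keep the server clock synchronized so legitimate codes fall inside the accepted window.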
Final Thoughts
Magento Two Factor Authentication is highly secure & straightforward. Rather than relying on a password alone, which anyone can crack or guess or phish easily, you can secure your store with the Magento 2FA. It adds another security layer to your Magento 2 admin panel and protects your store’s admin panel from unauthorized access.
If you still find it difficult to install or configure the Magento Two Factor Authentication module on your ecommerce store, feel free to drop your query in the comment box, and I will get back to you as soon as possible.
Abdur Rahman
Abdur Rahman is the Magento whizz at Cloudways. He is growth ambitious, and aims to learn & share information about Ecommerce & Magento Development through practice and experimentation. He loves to travel and explore new ideas whenever he finds time.