How to Install Magento 2 Two Factor Authentication
The Wikipedia definition of two-factor authentication says:
“Two-factor authentication (2FA) is a way to add additional security to your account. The first “factor” is your usual password that is standard for any account. The second “factor” is a verification code retrieved from an app on a mobile device or computer.”
In simple terms, it is an additional layer of security beyond the login credentials. Even strong passwords are not enough to protect your data. Hence, Google recommends implementing two-factor authentication on each site! The store owner can enable or disable Magento 2 2FA depending on their needs.
As far as Magento 2 stores are concerned, the admin panel is where all the important store, order and customer data can be accessed, so securing it is of the utmost importance. Fortunately, the default two-factor authentication is available for Magento 2, and this tutorial shows how to install it. Installing two-factor authentication in Magento 2 enables two-step verification for all users attempting to access the Magento 2 admin panel from any device.
How to Install Magento 2 Two Factor Authentication:
- Connect your server through the SSH Terminal.
- Navigate to the root directory of your Magento 2 store.
- Run the following composer command to install Magento 2 Two Factor Authentication:
composer require msp/twofactorauth
How to Enable Magento 2 Two Factor Authentication:
Run the below commands to enable Magento 2 two factor authentication:
php bin/magento module:enable MSP_TwoFactorAuth
php bin/magento setup:upgrade
Once done, purge the Magento 2 cache by running the following commands just to be on the safe side:
php bin/magento cache:clean
php bin/magento cache:flush
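A post-install check, as an added example that is not part of the original tutorial: it reads app/etc/config.php, where Magento 2 records each module as 'Name' => 1 (enabled) or 0 (disabled), and reports the state of MSP_TwoFactorAuth. The function names, the script name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the 2FA module is still
# enabled by reading app/etc/config.php, where Magento 2 records every module
# as 'Vendor_Module' => 1 (enabled) or 0 (disabled).

# module_state CONFIG MODULE -> prints enabled|disabled|missing|unreadable
# Exit status is 0 only when the module is enabled.
module_state() {
    ms_config=$1
    ms_module=$2
    [ -r "$ms_config" ] || { echo unreadable; return 2; }
    # Take the first  'MODULE' => 0|1,  entry; all other lines are ignored.
    ms_flag=$(sed -n "s/^[[:space:]]*'$ms_module'[[:space:]]*=>[[:space:]]*\([01]\)[[:space:]]*,\{0,1\}[[:space:]]*\$/\1/p" "$ms_config" | head -n 1)
    case $ms_flag in
        1) echo enabled ;;
        0) echo disabled; return 1 ;;
        *) echo missing; return 1 ;;
    esac
}

# write_sample_config PATH FLAG -> constructed config.php for offline testing
write_sample_config() {
    cat > "$1" <<EOF
<?php
return [
    'modules' => [
        'Magento_Store' => 1,
        'Magento_Backend' => 1,
        'MSP_TwoFactorAuth' => $2,
    ],
];
EOF
}

# Usage: sh check_2fa.sh /path/to/magento   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    module_state "$1/app/etc/config.php" MSP_TwoFactorAuth
fi
```

Because the exit status is non-zero unless the module is enabled, the script can gate a deployment step or run from a scheduled job to flag a store whose 2FA module has been switched off.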
Now that you’ve installed and enabled the Magento 2FA, let’s proceed to configure it.
Configuring Magento 2 Two Factor Authentication:
There are four types of authenticators that you can configure for Magento 2 store:
- Google Authenticator
- U2F Devices (YubiKey and others)
- Duo Security
- Authy
It is mandatory to select at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.
Also, it is advisable to install only one authenticator for the admin panel to avoid having to enter a token for each one separately.
Configure Google Authenticator with Magento 2 Two Factor Authentication:
- Log in to the Admin panel
- Navigate to Stores > Configuration
- Click on 2FA under Security.
- Expand the General tab.
- Enable the “Two Factor Auth”
- Select “Google Authenticator” in Force providers.
- Expand Google Authenticator and enable it.
- For Enable “trust this device” option:
- Save the configuration.
Test Magento 2 Two Factor Authentication:
Install the Google Authenticator mobile app from the Google Play Store or the iOS App Store. Attempt to log in to the admin panel. The module will display a QR code as part of two-factor authentication!
That’s all. Follow the above guide to install two-factor authentication in Magento 2 and get more confident about the security of your Magento 2 admin panel.
Please feel free to mention your doubts in the Comments section and I’d be happy to help 🙂
Stay secure!
Sanjay Jethva
Sanjay is the co-founder and CTO of Meetanshi with hands-on expertise with Magento since 2011. He specializes in complex development, integrations, extensions, and customizations. Sanjay is one of the top 50 contributors to the Magento community and is recognized by Adobe.
His passion for Magento 2 and Shopify solutions has made him a trusted source for businesses seeking to optimize their online stores. He loves sharing technical solutions related to Magento 2 & Shopify.
2 Comments
Hello
Are you getting any reports of 2FA issues on the iPhone? I have had several users unable to set up the 2FA on their phones. They get an invalid barcode error when they scan the QR Code.
Hello Steve,
I am not getting such an issue. Which Magento version are you using?
You might find this helpful – https://magento.stackexchange.com/questions/321005/two-factor-authentication-invalid-in-magento-2-admin-panel
Thank you.