🔥 Just Launched! Werra Premium Template for HyväSee it in Action

How to Disable Magento 2 Two Factor Authentication

By Sanjay JethvaUpdated on May 22, 2025 3 min read

The latest release, Magento 2.4 enables two-factor authentication by default.

Earlier, Magento 2 did offer an option to install two-factor authentication. The store owner can enable or disable the Magento 2 2FA as per the requirements.

However, if you have downloaded the latest Magento 2 version and installed it, you might have noticed that the two-factor authentication cannot be disabled.

Though it is not recommended to disable 2FA in Magento 2 for security purpose, you may want to still do it for multiple reasons:

Testing environment
The store is in the development stage

There is no option to disable Magento 2 two factor authentication in Magento 2.4 and hence Mark Shust, a certified Magento developer from Cleveland, Ohio has developed a module to disable Magento 2 two factor authentication.

His module adds the toggle to enable and disable 2FA from the Magento 2 admin panel.

When you install this module, 2FA is enabled by default in order to prevent any side effects or security loopholes from being introduced during automated installation processes.

To disable it, the admin has to navigate to Stores > Configuration. Under Security, selecting 2FA, expand General section and set “Enable 2FA” to No.

Method to disable Magento 2 two factor authentication:

Create config.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <twofactorauth>
            <general>
                <enable>1</enable>
            </general>
        </twofactorauth>
    </default>
</config>

Create di.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\TwoFactorAuth\Model\TfaSession">
        <plugin name="bypassTwoFactorAuth" type="MarkShust\DisableTwoFactorAuth\Plugin\BypassTwoFactorAuth"/>
    </type>
</config>

Create module.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
    <module name="MarkShust_DisableTwoFactorAuth">
        <sequence>
            <module name="Magento_TwoFactorAuth"/>
        </sequence>
    </module>
</config>

Create system.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
    <system>
        <section id="twofactorauth">
            <group id="general">
                <field id="enable" translate="label" type="select" sortOrder="1" showInDefault="1" canRestore="1">
                    <label>Enable 2FA</label>
                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                    <comment>Warning: Enabling 2FA will immediately prompt admin user for OTP code.</comment>
                </field>
                <field id="force_providers">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
                <field id="webapi_notification_url">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
            </group>
        </section>
    </system>
</config>

Create BypassTwoFactorAuth.php

<?php
declare(strict_types=1);

namespace MarkShust\DisableTwoFactorAuth\Plugin;

use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\TwoFactorAuth\Model\TfaSession;

class BypassTwoFactorAuth
{
    /** @var ScopeConfigInterface */
    private $scopeConfig;

    public function __construct(
        ScopeConfigInterface $scopeConfig
    ) {
        $this->scopeConfig = $scopeConfig;
    }

    /**
     * If the TwoFactorAuth module Enable setting is set to false, always return true here so all requests bypass 2FA.
     * Otherwise, return the original result.
     *
     * @param TfaSession $subject
     * @param $result
     * @return bool
     */
    public function afterIsGranted(TfaSession $subject, $result): bool
    {
        return !$this->scopeConfig->isSetFlag('twofactorauth/general/enable')
            ? true
            : $result;
    }
}

Create registration.php:

<?php
use Magento\Framework\Component\ComponentRegistrar;

ComponentRegistrar::register(
    ComponentRegistrar::MODULE,
    'MarkShust_DisableTwoFactorAuth',
    __DIR__
);

Create composer.json:

{
    "name": "markshust/magento2-module-disabletwofactorauth",
    "description": "The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.",
    "require": {
        "php": ">=7.3",
        "magento/framework": ">=103"
    },
    "type": "magento2-module",
    "version": "1.0.0",
    "license": [
        "MIT"
    ],
    "autoload": {
        "files": [
            "registration.php"
        ],
        "psr-4": {
            "MarkShust\\DisableTwoFactorAuth\\": ""
        }
    }
}

That’s it.

You can also enable or disable 2FA from the command line using the below command:

bin/magento config:set twofactorauth/general/enable 0

Also, do share the post with the Magento Community via social media.

Thank you.

Article bySanjay Jethva

Sanjay is the co-founder and CTO of Meetanshi with hands-on expertise with Magento since 2011. He specializes in complex development, integrations, extensions, and customizations. Sanjay is one the top 50 contributor to the Magento community and is recognized by Adobe. His passion for Magento 2 and Shopify solutions has made him a trusted source for businesses seeking to optimize their online stores. He loves sharing technical solutions related to Magento 2 & Shopify.

Table of Contents