The latest release, Magento 2.4, enables two-factor authentication by default.
Earlier, Magento 2 offered two-factor authentication as an optional install, and the store owner could enable or disable it as required.
However, if you have downloaded the latest Magento 2 version and installed it, you might have noticed that the two-factor authentication cannot be disabled.
Although disabling 2FA in Magento 2 is not recommended for security reasons, you may still want to do it in cases such as:
- Testing environment
- The store is in the development stage
Magento 2.4 has no option to disable two-factor authentication, so Mark Shust, a certified Magento developer from Cleveland, Ohio, has developed a module to disable Magento 2 two-factor authentication.
His module adds the toggle to enable and disable 2FA from the Magento 2 admin panel.
When you install this module, 2FA is enabled by default in order to prevent any side effects or security loopholes from being introduced during automated installation processes.
To disable it, the admin navigates to Stores > Configuration, selects 2FA under Security, expands the General section and sets “Enable 2FA” to No.
Method to disable Magento 2 two factor authentication:
Create config.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Store:etc/config.xsd">
    <default>
        <twofactorauth>
            <general>
                <enable>1</enable>
            </general>
        </twofactorauth>
    </default>
</config>
Create di.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\TwoFactorAuth\Model\TfaSession">
        <plugin name="bypassTwoFactorAuth" type="MarkShust\DisableTwoFactorAuth\Plugin\BypassTwoFactorAuth"/>
    </type>
</config>
Create module.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
    <module name="MarkShust_DisableTwoFactorAuth">
        <sequence>
            <module name="Magento_TwoFactorAuth"/>
        </sequence>
    </module>
</config>
Create system.xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
    <system>
        <section id="twofactorauth">
            <group id="general">
                <field id="enable" translate="label" type="select" sortOrder="1" showInDefault="1" canRestore="1">
                    <label>Enable 2FA</label>
                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                    <comment>Warning: Enabling 2FA will immediately prompt admin user for OTP code.</comment>
                </field>
                <field id="force_providers">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
                <field id="webapi_notification_url">
                    <depends>
                        <field id="enable">1</field>
                    </depends>
                </field>
            </group>
        </section>
    </system>
</config>
Create BypassTwoFactorAuth.php
<?php
declare(strict_types=1);

namespace MarkShust\DisableTwoFactorAuth\Plugin;

use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\TwoFactorAuth\Model\TfaSession;

class BypassTwoFactorAuth
{
    /** @var ScopeConfigInterface */
    private $scopeConfig;

    public function __construct(
        ScopeConfigInterface $scopeConfig
    ) {
        $this->scopeConfig = $scopeConfig;
    }

    /**
     * If the TwoFactorAuth module Enable setting is set to false, always return true here so all requests bypass 2FA.
     * Otherwise, return the original result.
     *
     * @param TfaSession $subject
     * @param $result
     * @return bool
     */
    public function afterIsGranted(TfaSession $subject, $result): bool
    {
        return !$this->scopeConfig->isSetFlag('twofactorauth/general/enable')
            ? true
            : $result;
    }
}
Create registration.php:
<?php

use Magento\Framework\Component\ComponentRegistrar;

ComponentRegistrar::register(
    ComponentRegistrar::MODULE,
    'MarkShust_DisableTwoFactorAuth',
    __DIR__
);
Create composer.json:
{
    "name": "markshust/magento2-module-disabletwofactorauth",
    "description": "The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.",
    "require": {
        "php": ">=7.3",
        "magento/framework": ">=103"
    },
    "type": "magento2-module",
    "version": "1.0.0",
    "license": [
        "MIT"
    ],
    "autoload": {
        "files": [
            "registration.php"
        ],
        "psr-4": {
            "MarkShust\\DisableTwoFactorAuth\\": ""
        }
    }
}
That’s it.
You can also enable or disable 2FA from the command line; the command below sets the value to 0, which disables it:
bin/magento config:set twofactorauth/general/enable 0
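Because the module turns 2FA into a runtime toggle, a deployment pipeline should confirm the bypass never reaches a production instance. The check below is an added example, not part of Mark Shust's module or the original post; its function names are hypothetical, and it assumes the standard app/etc/env.php and app/etc/config.php layout, with the effective setting passed in (for instance from bin/magento config:show twofactorauth/general/enable).

```bash
#!/usr/bin/env bash
# Added example: pre-deploy guard against shipping the 2FA bypass to production.
# Assumptions: standard Magento layout (app/etc/env.php holds MAGE_MODE,
# app/etc/config.php holds the module list); function names are hypothetical.

# Print MAGE_MODE from env.php ("default" when the key is absent).
mage_mode() {
    local mode
    mode=$(sed -n "s/.*'MAGE_MODE' => '\([a-z]*\)'.*/\1/p" "$1/app/etc/env.php" 2>/dev/null | head -n 1)
    echo "${mode:-default}"
}

# Succeed if the bypass module is registered and enabled in config.php.
bypass_module_enabled() {
    grep -Eq "'MarkShust_DisableTwoFactorAuth'[[:space:]]*=>[[:space:]]*1" "$1/app/etc/config.php" 2>/dev/null
}

# audit_2fa <magento_root> <enable_value>
# enable_value is the effective twofactorauth/general/enable setting
# (the module's config.xml default of 1 is assumed when it is omitted).
# Returns 0 = ok, 1 = 2FA bypassed in production, 2 = toggle present in production.
audit_2fa() {
    local root=$1 enable=${2:-1}
    [ "$(mage_mode "$root")" = "production" ] || return 0
    bypass_module_enabled "$root" || return 0
    if [ "$enable" = "0" ]; then
        echo "FAIL: admin 2FA is bypassed on a production instance" >&2
        return 1
    fi
    echo "WARN: bypass module enabled in production; 2FA can be switched off from admin config or CLI" >&2
    return 2
}

# Constructed fixture: minimal env.php / config.php for a given mode and module state.
make_fixture() {
    local dir
    dir=$(mktemp -d) && mkdir -p "$dir/app/etc"
    printf "<?php\nreturn [\n    'MAGE_MODE' => '%s',\n];\n" "$1" > "$dir/app/etc/env.php"
    printf "<?php\nreturn [\n    'modules' => [\n        'Magento_TwoFactorAuth' => 1,\n        'MarkShust_DisableTwoFactorAuth' => %s,\n    ],\n];\n" "$2" > "$dir/app/etc/config.php"
    echo "$dir"
}
```

A non-zero return from audit_2fa can fail the pipeline stage; make_fixture exists only to exercise the check without a real installation.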