How to Install Magento 2 Two Factor Authentication

The Wikipedia definition of two-factor authentication says:

“Two-factor authentication (2FA) is a way to add additional security to your account. The first “factor” is your usual password that is standard for any account. The second “factor” is a verification code retrieved from an app on a mobile device or computer.”

In simple terms, it is an additional layer of security beyond the login credentials. Even strong passwords are not enough to protect your data, which is why Google recommends implementing two-factor authentication on each site! The store owner can enable or disable Magento 2 2FA depending on their needs.

As far as Magento 2 stores are concerned, the admin panel is where all the important store, order and customer data can be accessed, so securing it is of the utmost importance. Fortunately, default two-factor authentication is available for Magento 2, and this tutorial shows how to install it. Installing two-factor authentication in Magento 2 enables two-step verification for all users attempting to access the Magento 2 admin panel from any device.

How to Install Magento 2 Two Factor Authentication:

  • Connect to your server through an SSH terminal.
  • Navigate to the root directory of your Magento 2 store.
  • Run the following composer command to install Magento 2 Two Factor Authentication:
    composer require msp/twofactorauth

How to Enable Magento 2 Two Factor Authentication:

Run the below commands to enable Magento 2 two factor authentication:

Once done, purge the Magento 2 cache by running the following commands just to be on the safe side:
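A check worth running after the install and enable steps above, added here as an example and not part of the original post: the script reads `app/etc/config.php`, where Magento records each module as enabled (`1`) or disabled (`0`), and reports the state of `MSP_TwoFactorAuth`. The function names and the sample config are constructed for illustration; the `bin/magento` calls are stock Magento CLI commands, not commands quoted from this page.

```shell
#!/bin/sh
# Added example: check that MSP_TwoFactorAuth is enabled before relying on it.

# tfa_module_state <magento_root>
# Prints "enabled", "disabled" or "missing" based on app/etc/config.php,
# where Magento records each module as  'Vendor_Module' => 1  (or 0).
tfa_module_state() {
    cfg="$1/app/etc/config.php"
    [ -r "$cfg" ] || { echo "missing"; return 0; }
    flag=$(sed -n "s/^[[:space:]]*'MSP_TwoFactorAuth'[[:space:]]*=>[[:space:]]*\([01]\)[^0-9]*\$/\1/p" "$cfg" | head -n 1)
    case "$flag" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "missing" ;;
    esac
}

# enable_tfa <magento_root>
# Enables the module with the stock Magento CLI only when it is not enabled yet.
# These bin/magento commands are standard Magento CLI (assumed, not from the page).
enable_tfa() {
    root="$1"
    if [ "$(tfa_module_state "$root")" = "enabled" ]; then
        echo "MSP_TwoFactorAuth already enabled"
        return 0
    fi
    [ -f "$root/bin/magento" ] || { echo "bin/magento not found in $root" >&2; return 1; }
    ( cd "$root" &&
      php bin/magento module:enable MSP_TwoFactorAuth &&
      php bin/magento setup:upgrade &&
      php bin/magento cache:flush )
}

# Demo on a constructed config.php (sample data, not from a real store):
# the package is present but the module is still disabled.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/app/etc"
cat > "$demo_root/app/etc/config.php" <<'EOF'
<?php
return [
    'modules' => [
        'Magento_Store' => 1,
        'MSP_TwoFactorAuth' => 0,
    ],
];
EOF
echo "state: $(tfa_module_state "$demo_root")"
rm -rf "$demo_root"
```

Run `tfa_module_state` against the real store root; any result other than `enabled` means admin logins are still protected by the password alone.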

Now that you’ve installed and enabled the Magento 2FA, let’s proceed to configure it.

Configuring Magento 2 Two Factor Authentication:

There are four types of authenticators that you can configure for Magento 2 store:

  • Google Authenticator
  • U2F Devices (YubiKey and others)
  • Duo Security
  • Authy

It is mandatory to select at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.

Also, it is advisable to install only one authenticator for the admin panel, to avoid having to enter tokens for each one separately.

Configure Google Authenticator with Magento 2 Two Factor Authentication:

  • Log in to the Admin panel.
  • Navigate to Stores > Configuration.
  • Click on 2FA under Security.
  • Expand the General tab.
  • Enable “Two Factor Auth”.
  • Select “Google Authenticator” in Force providers.
  • Expand Google Authenticator and enable it.
  • For the Enable “trust this device” option:
    • If you want the user to not enter the authentication code for every login per device, set Yes.
    • If you want to force the user to enter the authentication code on every login and device, set No.
  • Save the configuration.

Test Magento 2 Two Factor Authentication:

Install the Google Authenticator mobile app from the Google Play Store or the iOS App Store. Attempt to log in to the admin panel. The module will display a QR code as part of two-factor authentication!

That’s all. Follow the above guide to install two-factor authentication in Magento 2 and get more confident about the security of your Magento 2 admin panel.

Please feel free to mention your doubts in the Comments section and I’d be happy to help 🙂

Do not forget to rate the post with 5 stars.

Stay secure!


Sanjay Jethva

Sanjay is a co-founder at Meetanshi. He is a Certified Magento Developer who loves creating Magento E-commerce solutions. Owing to his contributions in Magento Forums and posting solutions, he is among the top 50 contributors of the Magento community in 2019. When he is not engrossed with anything related to Magento, he loves to play cricket.

