The Wikipedia definition of two-factor authentication says:
“Two-factor authentication (2FA) is a way to add additional security to your account. The first “factor” is your usual password that is standard for any account. The second “factor” is a verification code retrieved from an app on a mobile device or computer.”
In simple terms, it is an additional layer of security beyond the login credentials. Even strong passwords are not enough to protect your data. Hence, Google recommends implementing two-factor authentication on each site!
As far as Magento 2 stores are concerned, the admin panel is where all the important store, order and customer data can be accessed, so securing it is of the utmost importance. Fortunately, the default two-factor authentication is available for Magento 2, and this tutorial shows how to install it. Installing two-factor authentication in Magento 2 enables two-step verification for all users attempting to access the Magento 2 admin panel from any device.
How to Install Magento 2 Two Factor Authentication:
- Connect to your server through an SSH terminal.
- Navigate to the root directory of your Magento 2 store.
- Run the following composer command to install Magento 2 Two Factor Authentication:
composer require msp/twofactorauth
How to Enable Magento 2 Two Factor Authentication:
Run the commands below to enable Magento 2 two factor authentication:
php bin/magento module:enable MSP_TwoFactorAuth
php bin/magento setup:upgrade
Once done, purge the Magento 2 cache by running the following commands just to be on the safe side:
php bin/magento cache:clean
php bin/magento cache:flush
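To confirm that the enable step took effect, the following added example (not part of the original post) reads the module flags that Magento 2 records in app/etc/config.php and reports whether MSP_TwoFactorAuth is enabled. The function names, the sample file and the Example_* module names are constructed for illustration, and a standard store layout is assumed.

```shell
#!/bin/sh
# Report the state of a module in a Magento 2 app/etc/config.php.
# Prints "enabled", "disabled" or "missing"; returns 0 only when enabled.
module_state() {
    config_file=$1
    module=$2
    if [ ! -r "$config_file" ]; then
        echo "missing"
        return 2
    fi
    # Match an entry such as:   'MSP_TwoFactorAuth' => 1,
    flag=$(sed -n "s/^[[:space:]]*'$module'[[:space:]]*=>[[:space:]]*\([01]\),\{0,1\}[[:space:]]*\$/\1/p" \
        "$config_file" | head -n 1)
    case "$flag" in
        1) echo "enabled";  return 0 ;;
        0) echo "disabled"; return 1 ;;
        *) echo "missing";  return 2 ;;
    esac
}

# Constructed sample of the 'modules' section (not taken from a real store).
write_sample_config() {
    cat > "$1" <<'EOF'
<?php
return [
    'modules' => [
        'Magento_Store' => 1,
        'Example_Disabled' => 0,
        'MSP_TwoFactorAuth' => 1,
    ],
];
EOF
}

# Demo against the constructed sample; on a store, pass app/etc/config.php.
sample=$(mktemp)
write_sample_config "$sample"
for m in MSP_TwoFactorAuth Example_Disabled Example_Absent; do
    printf '%s: %s\n' "$m" "$(module_state "$sample" "$m")"
done
rm -f "$sample"
```

Because the function returns a non-zero status for "disabled" and "missing", it can also be run from a scheduled job to alert when the 2FA module stops being enabled.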
Now that you’ve installed and enabled the Magento 2FA, let’s proceed to configure it.
Configuring Magento 2 Two Factor Authentication:
There are four types of authenticators that you can configure for Magento 2 store:
- Google Authenticator
- U2F Devices (YubiKey and others)
- Duo Security
It is mandatory to select at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.
Also, it is advisable to install only one authenticator for the admin panel to avoid using input tokens for each one separately.
Configure Google Authenticator with Magento 2 Two Factor Authentication:
- Log in to the Admin panel.
- Navigate to Stores > Configuration
- Click on 2FA under Security.
- Expand the General tab.
- Enable the “Two Factor Auth”
- Select “Google Authenticator” in Force providers.
- Expand Google Authenticator and enable it.
- For Enable “trust this device” option:
- Save the configuration.
Test Magento 2 Two Factor Authentication:
That’s all. Follow the above guide to install two-factor authentication in Magento 2 and get more confident about the security of your Magento 2 admin panel.
Please feel free to mention your doubts in the Comments section and I’d be happy to help 🙂