{"id":383,"date":"2019-04-18T12:45:30","date_gmt":"2019-04-18T12:45:30","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/2019\/04\/18\/install-magento-2-two-factor-authentication\/"},"modified":"2025-05-22T16:57:58","modified_gmt":"2025-05-22T11:27:58","slug":"install-magento-2-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/install-magento-2-two-factor-authentication\/","title":{"rendered":"How to Install Magento 2 Two Factor Authentication"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Help:Two-factor_authentication\" target=\"_blank\" rel=\"noopener noreferrer\" data-cke-saved-href=\"https:\/\/en.wikipedia.org\/wiki\/Help:Two-factor_authentication\" data-cke-saved->Wikipedia<\/a> definition of two-factor authentication says<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><b>&#8220;Two-factor authentication<\/b>&nbsp;(<b>2FA<\/b>) is a way to add additional security to your account. The first &#8220;factor&#8221; is your usual password that is standard for any account. The second &#8220;factor&#8221; is a verification code retrieved from an app on a mobile device or computer.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Explaining in simple terms, it is an additional layer of security beyond the login credentials.&nbsp;The strong passwords are also not enough to protect your data. Hence, <a href=\"https:\/\/webmasters.googleblog.com\/2015\/08\/nohacked-using-two-factor.html\" target=\"_blank\" rel=\"noopener noreferrer\" data-cke-saved-href=\"https:\/\/developers.google.com\/search\/blog\/2015\/08\/nohacked-using-two-factor\">Google recommends implementing two-factor authentication<\/a> on each site! The store owner can enable or <a title=\"How to Disable Magento 2 Two Factor Authentication\" href=\"https:\/\/meetanshi.com\/blog\/disable-magento-2-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener\">disable the Magento 2 2FA<\/a> depending on the needs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As far as Magento 2 stores are concerned, the admin panel is where all the important store, orders and customers data can be accessed. Securing it is utmost important. Fortunately, for Magento 2, the default two-factor authentication is available and hence here&#8217;s the tutorial to <i><strong>install Magento 2 two factor authentication<\/strong><\/i>. Installation of two-factor authentication in Magento 2 enables two-step verification for all the users attempting to access the Magento 2 admin panel from all the devices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to Install Magento 2 Two Factor Authentication:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connect your server through the SSH Terminal.<\/li>\n\n\n\n<li>Navigate to the root directory of your Magento 2 store.<\/li>\n\n\n\n<li>Run the following composer command to install Magento 2 Two Factor Authentication:<br>composer require MSP_TwoFactorAuth<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to Enable Magento 2 Two Factor Authentication:<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Run the below commands to enable Magento 2 two-factor authentication:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>php bin\/magento module:enable MSP_TwoFactorAuth<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>php bin\/magento setup:upgrade<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Once done, purge the <a href=\"https:\/\/meetanshi.com\/blog\/clear-magento-2-cache\/\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 cache<\/a>&nbsp;by running the following commands just to be on the safe side:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>php bin\/magento cache:clean<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>php bin\/magento cache:flush<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Now that you&#8217;ve installed and enables the Magento 2FA, let&#8217;s proceed to configure it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring Magento 2 Two Factor Authentication:<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">There are four types of authenticators that you can configure for the Magento 2 store:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Google Authenticator<\/li>\n\n\n\n<li>U2F Devices (Yukikey and others)<\/li>\n\n\n\n<li>Duo Security<\/li>\n\n\n\n<li>Authy<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It is mandatory to select at least one authenticator per user account, or you can force an authenticator globally for all accounts as well.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Also, it is advisable to install only one authenticator for the admin panel to avoid using input tokens for each one separately.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Configure Google Authenticator with Magento 2 Two Factor Authentication:<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Login to <strong>Admin panel<\/strong><\/li>\n\n\n\n<li>Navigate to <strong>Stores &gt; Configuration<\/strong><\/li>\n\n\n\n<li>Click on <strong>2FA<\/strong> under <strong>Security<\/strong>.<\/li>\n\n\n\n<li>Expand the <strong>General<\/strong> tab.<\/li>\n\n\n\n<li>Enable the &#8220;Two Factor Auth&#8221;<\/li>\n\n\n\n<li>Select &#8220;<strong>Google Authenticator<\/strong>&#8221; in <strong>Force providers<\/strong>.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/meetanshi.com\/blog\/wp-content\/uploads\/2019\/04\/1_enable-2fa.png\" alt=\"Enable Magento 2 two factor authentication\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Expand <strong>Google Authenticator<\/strong> and enable it.<\/li>\n\n\n\n<li>For <strong>Enable \u201ctrust this device\u201d option:<\/strong>\n<ul class=\"wp-block-list\">\n<li>If you want the user to not enter the authentication code for every login per device, set <strong>Yes<\/strong>.<\/li>\n\n\n\n<li>If you want to force the user to enter the authentication code on every login and device, set <strong>No<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/meetanshi.com\/blog\/wp-content\/uploads\/2019\/04\/2_google-authenticator.png\" alt=\"google authenticator\" class=\"wp-image-4898\"\/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Save<\/strong> the configuration.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Test Magento 2 Two Factor Authentication:<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Install the Google Authenticator mobile app from <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&amp;hl=en_US\" target=\"_blank\" rel=\"noopener noreferrer\" data-cke-saved-href=\"https:\/\/play.google.com\/store\/apps\/details?id=com.google.android.apps.authenticator2&amp;hl=en_US\" data-cke-saved->Google Play Store<\/a>&nbsp;or <a href=\"https:\/\/apps.apple.com\/us\/app\/google-authenticator\/id388497605\" target=\"_blank\" rel=\"noopener noreferrer\" data-cke-saved-href=\"https:\/\/apps.apple.com\/us\/app\/google-authenticator\/id388497605\" data-cke-saved->iOS App Store<\/a>. Attempt to login to the admin panel. The module will prompt a QR code as a part of two-factor authentication!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That&#8217;s all. Follow the above guide to install two-factor authentication in Magento 2 and get more confident about the security of your Magento 2 admin panel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Stay secure!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Also Read:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/meetanshi.com\/blog\/setup-two-factor-authentication-in-magento-2-4\/\">How to Setup Two Factor Authentication in Magento 2.4<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The Wikipedia definition of two-factor authentication says &#8220;Two-factor authentication&nbsp;(2FA) is a way to add additional security to your account. The first &#8220;factor&#8221; is your usual&#8230;<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34],"tags":[],"class_list":["post-383","post","type-post","status-publish","format-standard","hentry","category-magento"],"acf":[],"_links":{"self":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/comments?post=383"}],"version-history":[{"count":2,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/383\/revisions"}],"predecessor-version":[{"id":15466,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/383\/revisions\/15466"}],"wp:attachment":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media?parent=383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/categories?post=383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/tags?post=383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}