{"id":5882,"date":"2020-09-07T04:33:00","date_gmt":"2020-09-07T04:33:00","guid":{"rendered":"https:\/\/meetanshi.com\/blog\/?p=5882"},"modified":"2025-05-22T11:50:04","modified_gmt":"2025-05-22T06:20:04","slug":"disable-magento-2-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/meetanshi.com\/blog\/disable-magento-2-two-factor-authentication\/","title":{"rendered":"How to Disable Magento 2 Two Factor Authentication"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The latest release,&nbsp;<a href=\"https:\/\/meetanshi.com\/blog\/magento-2-4-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2.4<\/a>&nbsp;enables two-factor authentication by default.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Earlier,&nbsp;<a href=\"https:\/\/meetanshi.com\/blog\/install-magento-2-two-factor-authentication\/\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 did offer an option to install two-factor authentication<\/a>. The store owner can enable or disable the Magento 2 2FA as per the requirements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, if you have&nbsp;<a href=\"https:\/\/meetanshi.com\/blog\/download-magento\/\" target=\"_blank\" rel=\"noreferrer noopener\">downloaded the latest Magento 2 version<\/a>&nbsp;and installed it, you might have noticed that the two-factor authentication cannot be disabled.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Though it is not recommended to disable 2FA in Magento 2 for security purpose, you may want to still do it for multiple reasons:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Testing environment<\/li>\n\n\n\n<li>The store is in the development stage<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">There is no option to disable Magento 2 two factor authentication in Magento 2.4 and hence&nbsp;<a href=\"https:\/\/markshust.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Mark Shust<\/a>, a certified Magento developer from Cleveland, Ohio has developed a&nbsp;<em><strong><a href=\"https:\/\/github.com\/markshust\/magento2-module-disabletwofactorauth\" target=\"_blank\" rel=\"noreferrer noopener\">module to disable Magento 2 two factor authentication<\/a><\/strong><\/em>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">His module adds the toggle to enable and disable 2FA from the Magento 2 admin panel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When you install this module, 2FA is enabled by default in order to prevent any side effects or security loopholes from being introduced during automated installation processes.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To disable it, the admin has to navigate to Stores &gt; Configuration. Under Security, selecting 2FA, expand General section and set&nbsp;<strong>\u201cEnable 2FA\u201d<\/strong>&nbsp;to No.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Method to disable Magento 2 two factor authentication:<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>config.xml<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?xml version=\"1.0\"?>\n&lt;config xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"\n        xsi:noNamespaceSchemaLocation=\"urn:magento:module:Magento_Store:etc\/config.xsd\">\n    &lt;default>\n        &lt;twofactorauth>\n            &lt;general>\n                &lt;enable>1&lt;\/enable>\n            &lt;\/general>\n        &lt;\/twofactorauth>\n    &lt;\/default>\n&lt;\/config><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>di.xml<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?xml version=\"1.0\"?>\n&lt;config xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"urn:magento:framework:ObjectManager\/etc\/config.xsd\">\n    &lt;type name=\"Magento\\TwoFactorAuth\\Model\\TfaSession\">\n        &lt;plugin name=\"bypassTwoFactorAuth\" type=\"MarkShust\\DisableTwoFactorAuth\\Plugin\\BypassTwoFactorAuth\"\/>\n    &lt;\/type>\n&lt;\/config><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>module.xml<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?xml version=\"1.0\"?>\n&lt;config xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"urn:magento:framework:Module\/etc\/module.xsd\">\n    &lt;module name=\"MarkShust_DisableTwoFactorAuth\">\n        &lt;sequence>\n            &lt;module name=\"Magento_TwoFactorAuth\"\/>\n        &lt;\/sequence>\n    &lt;\/module>\n&lt;\/config><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>system.xml<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?xml version=\"1.0\"?>\n&lt;config xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"\n        xsi:noNamespaceSchemaLocation=\"urn:magento:module:Magento_Config:etc\/system_file.xsd\">\n    &lt;system>\n        &lt;section id=\"twofactorauth\">\n            &lt;group id=\"general\">\n                &lt;field id=\"enable\" translate=\"label\" type=\"select\" sortOrder=\"1\" showInDefault=\"1\" canRestore=\"1\">\n                    &lt;label>Enable 2FA&lt;\/label>\n                    &lt;source_model>Magento\\Config\\Model\\Config\\Source\\Yesno&lt;\/source_model>\n                    &lt;comment>Warning: Enabling 2FA will immediately prompt admin user for OTP code.&lt;\/comment>\n                &lt;\/field>\n                &lt;field id=\"force_providers\">\n                    &lt;depends>\n                        &lt;field id=\"enable\">1&lt;\/field>\n                    &lt;\/depends>\n                &lt;\/field>\n                &lt;field id=\"webapi_notification_url\">\n                    &lt;depends>\n                        &lt;field id=\"enable\">1&lt;\/field>\n                    &lt;\/depends>\n                &lt;\/field>\n            &lt;\/group>\n        &lt;\/section>\n    &lt;\/system>\n&lt;\/config><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>BypassTwoFactorAuth.php<\/strong><\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?php\ndeclare(strict_types=1);\n\nnamespace MarkShust\\DisableTwoFactorAuth\\Plugin;\n\nuse Magento\\Framework\\App\\Config\\ScopeConfigInterface;\nuse Magento\\TwoFactorAuth\\Model\\TfaSession;\n\nclass BypassTwoFactorAuth\n{\n    \/** @var ScopeConfigInterface *\/\n    private $scopeConfig;\n\n    public function __construct(\n        ScopeConfigInterface $scopeConfig\n    ) {\n        $this->scopeConfig = $scopeConfig;\n    }\n\n    \/**\n     * If the TwoFactorAuth module Enable setting is set to false, always return true here so all requests bypass 2FA.\n     * Otherwise, return the original result.\n     *\n     * @param TfaSession $subject\n     * @param $result\n     * @return bool\n     *\/\n    public function afterIsGranted(TfaSession $subject, $result): bool\n    {\n        return !$this->scopeConfig->isSetFlag('twofactorauth\/general\/enable')\n            ? true\n            : $result;\n    }\n}<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>registration.php<\/strong>:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">&lt;?php\nuse Magento\\Framework\\Component\\ComponentRegistrar;\n\nComponentRegistrar::register(\n    ComponentRegistrar::MODULE,\n    'MarkShust_DisableTwoFactorAuth',\n    __DIR__\n);<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Create&nbsp;<strong>composer.json<\/strong>:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n    \"name\": \"markshust\/magento2-module-disabletwofactorauth\",\n    \"description\": \"The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.\",\n    \"require\": {\n        \"php\": \">=7.3\",\n        \"magento\/framework\": \">=103\"\n    },\n    \"type\": \"magento2-module\",\n    \"version\": \"1.0.0\",\n    \"license\": [\n        \"MIT\"\n    ],\n    \"autoload\": {\n        \"files\": [\n            \"registration.php\"\n        ],\n        \"psr-4\": {\n            \"MarkShust\\\\DisableTwoFactorAuth\\\\\": \"\"\n        }\n    }\n}<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You can also enable or disable 2FA from the command line using the below command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>bin\/magento config:set twofactorauth\/general\/enable 0<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Also, do share the post with the Magento Community via social media.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Thank you.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Related Post \u2013&nbsp;<a href=\"https:\/\/meetanshi.com\/blog\/solved-syntax-error-while-installing-magento-2-4\/\" target=\"_blank\" rel=\"noreferrer noopener\">[Solved] Syntax Error \u2013 Unexpected \u2018)\u2019 While Installing Magento 2.4<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The latest release,&nbsp;Magento 2.4&nbsp;enables two-factor authentication by default. Earlier,&nbsp;Magento 2 did offer an option to install two-factor authentication. The store owner can enable or disable&#8230;<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[34],"tags":[],"class_list":["post-5882","post","type-post","status-publish","format-standard","hentry","category-magento"],"acf":[],"_links":{"self":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/5882","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/comments?post=5882"}],"version-history":[{"count":2,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/5882\/revisions"}],"predecessor-version":[{"id":14687,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/posts\/5882\/revisions\/14687"}],"wp:attachment":[{"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/media?parent=5882"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/categories?post=5882"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/meetanshi.com\/blog\/wp-json\/wp\/v2\/tags?post=5882"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}