I am back with another Magento 2 security tutorial. In the last guide, I showed you how to add Magento 2 reCAPTCHA, and today you will learn how to configure Magento 2 Two Factor Authentication.
In that Magento 2 reCAPTCHA tutorial, I mentioned the announcement from Magento in which they revealed that Magento 2 Two Factor Authentication is being added to all Magento 2.1 and above versions.
Two Factor Authentication is another of the Magento 2 security best practices designed to protect your store from attackers. Even if an attacker gets your store’s login credentials, they cannot access the store because of the additional security layer.
Before going to the implementation phase, let’s first understand how Magento 2 Two Factor Authentication works:
What Does Magento 2 Two Factor Authentication Do?
It will break the login process of your Magento 2 admin panel into two steps:
- First Step: You have to enter the login credentials (username and password).
- Second Step: You have to pass Two Factor Authentication.
Let’s start setting up Magento 2 Two Factor Authentication.
Steps to Follow
Install Magento 2 Two Factor Authentication
Launch an SSH terminal and connect to your Magento 2 store. Then go to its root directory and run the following CLI command:
composer require msp/twofactorauth:3.0.0
Then you have to enable the Two Factor Authentication module by running this command:
php bin/magento module:enable --all
Once that is done, upgrade the setup by running this command:
php bin/magento setup:upgrade
Now compile the setup by running this command:
php bin/magento setup:di:compile
Last but not least, clean and flush the cache by running these commands:
php bin/magento cache:clean
php bin/magento cache:flush
The installation is now complete. Next, move on to the configuration section.
Configure Magento 2 Two Factor Authentication
Before starting the configuration, let me tell you that there are four types of 2FA provider options that you can add to your store:
- Google Authenticator
- U2F Devices (Yubikey and others)
- Duo Security
- Authy
I will add Google Authenticator 2FA to a Magento 2 powered store; you can use any other provider according to your needs.
After you add Two Factor Authentication to your store’s admin panel, it will ask you to scan the barcode using the Google Authenticator application, and then you will have to enter the provided code to access the admin panel.
So, now log in to the admin panel of your store and navigate to STORES → Configuration:
Click on 2FA under the SECURITY tab:
Now unfold the General section here, select Yes from Enable Two Factor Auth and select Google Authenticator from Force providers, which means that it will automatically be used for all users who access the admin panel.
Note: If you want to set different Two Factor Authentication providers for different users, then don’t select any provider from Force Providers. Instead, after enabling the providers, go to your users list from SYSTEM → All Users and select a Two Factor Authentication provider for each user.
Now unfold the Google Authenticator section and select Yes from Enable This Provider. Then set Enable “trust this device” option, which has two values:
- Yes: If you want the user not to enter the authentication code for every login per device.
- No: If you want the user to pass through the authentication process every time they log in to your admin panel.
As I mentioned before, I am setting up Google Authenticator Two Factor Authentication, which is now almost done. However, you can configure different providers by going to their sections. Let me give you a short overview of setting up the other providers.
Unfold the U2F Devices (Yubikey and others) section and follow the same method which I have shown for Google Authenticator:
Unfold the Duo Security section, enable it and then enter the required details (Integration Key, Secret Key, API Hostname), which you will get from your Duo account:
Unfold the Authy section, enable it and then enter the required details, which you will get from your Authy account:
Now you have to save the Magento 2 Two Factor Authentication configuration. Just click on Save Config at the top of the page:
It’s time to check the result. Log out and log in again to your admin panel. It will ask for the code, which you will get by scanning the barcode through Google Authenticator:
It means that Magento 2 Two Factor Authentication was successfully configured.
To run a Magento online store successfully, you can’t compromise on its security, and for that you have to follow certain security practices. Two Factor Authentication is one of them. It will protect and secure your Magento 2 powered store from attackers by adding an extra layer of security.
After following this guide, you can now configure Magento 2 Two Factor Authentication. Still confused about anything in this guide? Drop your query in the comment box below and I will get back to you!