Top Magento Hosting Providers for 2018
Check'em Out

How to Setup Magento 2 Two Factor Authentication

I am back with another Magento 2 security tutorial. In the last guide, I have shown you the method of adding Magento 2 reCAPTCHA and today, you will learn how to configure Magento 2 Two Factor Authentication.

In this Magento 2 reCAPTCHA tutorial, I have mentioned about the announcement from Magento in which they revealed about  Magento 2 Two Factor Authentication being added to all Magento 2.1 and above versions.

Two Factor Authentication is another one of Magento 2 best security practices which are designed to protect your store from attackers. Even if the attacker gets your store’s login credentials, he cannot access it because of an additional security layer.

Before going to the implementation phase, let’s first understand how Magento 2 Two Factor Authentication works:

What Magento 2 Two Factor Authentication Do?

It will break the login process of your Magento 2 admin panel into two steps:

  • First Step: You have to enter the login credentials, username, and password.
  • Second Step: You have to pass Two Factor Authentication.

Let’s start setting up Magento 2 Two Factor Authentication

Steps to Follow

Install Magento 2 Two Factor Authentication

Launch SSH Terminal and connect your Magento 2 store. Then go to its root directory and run the following CLI command:

composer require msp/twofactorauth:3.0.0

Then you have to enable Two Factor Authentication module by running this command:

php bin/magento module:enable --all

Once it’s done, then upgrade the setup by running this command:

php bin/magento setup:upgrade

Now compile the setup by running this command:

php bin/magento setup:di:compile

Last, not least, clean and flush the cache by running these commands:

php bin/magento cache:clean

php bin/magento cache:flush

The installation has been completed, now move to its configuration section.

Configure Magento 2 Two Factor Authentication

Before starting to configure, let me tell you that there are four types of 2FA provider options that you can add to your store:

  • Google Authenticator
  • Duo Security
  • Authy
  • U2F

I will add Google Authenticator 2FA in Magento 2 powered store, you can use any other provider according to your needs.

After adding this Two Factor Authentication in your store’s admin panel, it will ask to scan the barcode using Google Authenticator application and then you will have to enter the provided code to access the admin panel.

So, now login to the admin panel of your store and navigate to STORES → Configuration:

Stores-Configuration Magento 2 2FA

Click on 2FA under SECURITY tab:

click 2FA

Now here unfold the General section, select Yes from Enable Two Factor Auth and select Google Authenticator from Force providers which means that it will automatically be used for all the users to access the admin panel.

general 2FA

Note: If you want to set different Two factor Authentication providers for different users, then don’t select any provider from Force Providers and go to your users list from SYSTEM → All Users to select Two factor Authentication provider for each user after enabling the provider.

Now unfold Google Authenticator section and select Yes from Enable This Provider. Then Enable “trust this device” option, which has two options:

  • Yes:  If you want the user not to enter the authentication code for every login per device.
  • No: If you want the user to pass through the authentication process to login to your admin panel.

Google Authenticator

 

As I have mentioned before that I will set Google Authenticator Two Factor Authentication which is now almost done. However, you can configure different providers by going to their sections. Let me give you a short overview for setting other providers.

Unfold U2F Devices(Yubikey and others) section and follow the same method which I have for  Google Authenticator:

U2F Devices

Unfold Duo security section, enable it and then enter the required details (Integration Key, Secret Key, API Hostname) which you will get from your Duo account:

Duo Security

Unfold Authy section, enable it and then enter the required details which you will get from your Authy account:

authy

Now you have to save Magento 2 Two Factor Authentication configuration, just click on Save Config from the top of the page:

save config 2FA

It’s time to check the result, logout, and login again to your admin panel, it will ask for the code which you will get by scanning the barcode through Google Authenticator:

Magento 2 two factor authentication result

It means that Magento 2 Two Factor Authentication was successfully configured.

Wrapping Up

As to run a Magento online store successfully, you can’t compromise on its security and for that you have to follow certain security practices, and Two Factor Authentication is one of them. It will protect and secure your Magento 2 powered store from attackers by adding an extra layer of security.

After following this guide, you can now configure Magento 2 Two factor Authentication. Still, have a confusion related to this guide? Drop your query inthe comment box below and I will get back to you!

About Author

Syed Muneeb Ul Hasan is an expert in PHP and Magento, he prefers to educate users in implementing and learning Magento. When not working, he loves to watch cricket.