Learn Magento 2

One of the most widely used open-source e-commerce platforms, built for enterprise use.

• Last Updated: 01/10/2020

How to configure Two-Factor Authentication (2FA) in Magento 2

Introduction

In this tutorial, we will guide you through adding an extra layer of security to your Magento Admin Dashboard to protect it from unauthorized access. Two-Factor Authentication (2FA) means that a password alone is no longer enough to log in: password-only attacks such as brute force, credential stuffing and passwords captured by keyloggers are stopped because the attacker still lacks the second factor. With 2FA enabled on your Magento store, every admin login also requires a one-time code or an approval from an additional device (a phone app or a hardware key) that you configure for the purpose.

Getting Started

The first step is to log in to your Magento Admin Dashboard and navigate through the left menu bar to Stores > Configuration.

Accessing the Configuration page

After you access the “Configuration” page, locate the “2FA” section available under the “Security” tab.

Accessing the 2FA page

Once you are there, we are ready to begin. Magento supports four different 2FA methods (provided by the bundled MSP TwoFactorAuth module), and you can select whichever is the most convenient for your needs. In the sections below, we will review how to enable and configure each of them. Whichever you choose, read the setting descriptions carefully: the “Force Providers” and “trust this device” settings decide whether 2FA is actually mandatory for every admin login or merely available.

Enabling Google 2FA

“Google Authenticator” is free to use and available for download from the Google Play Store and the iOS App Store. Install it on your phone before you start: the setup below ends with a code from the app, and once the provider is forced you will not get back into the admin panel without one.

Expand the first “General” section, where you need to enable Two-Factor Authentication for your Magento online store. To do that, select “Yes” from the “Enable Two Factor Auth” dropdown menu.

Google General section

The second setting, “Force Providers”, controls whether every admin user must go through two-factor authentication, and with which provider(s). Leaving the default system value (no provider selected) lets each user choose for themselves, so an account that never enrols stays password-only; forcing a provider is what actually guarantees that every admin login uses 2FA. As we will be enabling Google 2FA, untick the “Use System Value” checkbox and select “Google Authenticator” from the list.

Next, expand the “Google Authenticator” section and select “Yes” from the “Enable this provider” dropdown menu. The “Enable "trust this device" option” setting controls whether a code is required on every login. If set to “Yes”, the verification page offers a “Trust this device” checkbox; ticking it remembers that browser so the code is NOT asked for on later logins from it. If set to “No”, the user must enter a code on every login. “No” is the safer choice for admin panels reached from shared or untrusted machines, since a remembered browser is only as secure as the cookie that marks it.

Google Authenticator section

Once you are ready, click on the “Save Config” button.

You will then be redirected to a new page asking for an “Authenticator code” from your phone: saving the configuration makes the forced provider apply to your own account as well, so you must enrol before you can continue using the admin panel.

Entering the Authentication code

Now open the “Google Authenticator” app on your phone and either scan the QR code or type in the secret key printed below it. The app will then show a six-digit “Authenticator code” that changes every 30 seconds; enter the current one into the empty field and click on the “Confirm” button. Keep that secret key private: anyone who copies it can generate valid codes for your account, so do not save a screenshot of the QR code or the key anywhere it could be read.

You are all set! You have successfully enabled Two-Factor Authentication on your Magento Admin Login page.

 

Enabling U2F Devices 2FA

This authentication method requires a physical security key such as a YubiKey that is plugged into your computer and touched to confirm your identity. U2F only works over HTTPS and in a browser that supports it, so make sure your admin URL is served over TLS before enabling it. To enable this 2FA method, expand the “General” section, make sure “Enable Two Factor Auth” is set to “Yes” and select “U2F Devices (Yubikey and others)” from the “Force providers” list.

U2F General section

Afterward, expand the “U2F Devices (Yubikey and others)” section and select “Yes” from the “Enable This Provider” dropdown menu. The “Enable "trust this device" option” setting controls whether the key must be presented on every login. If set to “Yes”, the user can mark a browser as trusted so the key is NOT asked for on later logins from it; if set to “No”, the key must be plugged in and touched for every login. “No” is the stronger setting and the one to use when the admin panel is reached from shared machines.

U2F Devices section

Once you are ready, click on the “Save Config” button.

You will then be redirected to a page asking you to register your key. Plug it in and touch its button when the browser prompts you.

U2F key authentication

Once this is done, you are all set, with 2FA successfully enabled in your store.

Enabling Duo Security 2FA

Duo Security is a vendor of cloud-based Two-Factor authentication services. To configure it, expand the “General” section, make sure “Enable Two Factor Auth” is set to “Yes” and select “Duo Security” from the “Force providers” list.

Duo Security General section

Afterward, expand the “Duo Security” section and select “Yes” from the “Enable This Provider” dropdown menu. You will also need to enter the “Integration key”, “Secret key” and “API hostname”, which you obtain from your Duo account: after you log in to Duo, select “Applications” from the left menu bar, click on the “Protect an Application” button, locate “Auth API” in the list of applications and click on “Protect this application”. The three values are shown at the bottom of that page. Treat the Secret key like a password: it is what authorises your Magento store to ask Duo to approve logins, so do not paste it into support tickets or commit it to version control.

Duo Security section

Once you are ready, click on the “Save Config” button.

You will then be redirected to a new page to start the setup of Duo Security for your own account. Click on the “Start Setup” button to continue.

Start Setup page

On the following page, select the type of device that will be used to authenticate your account and click on “Continue”.

Type of device page

In the next step, select your country, add your phone number and click on “Continue”.

Country and Phone number page

Then select the OS powering your device and click on “Continue”.

OS type page

Afterward, you will need to confirm that you have the “Duo Mobile” app installed on your device. If you have not installed it yet, do so now; it is available for download from the Google Play Store and the iOS App Store.

Next, scan the QR code with the app on your smart device and, once it is detected, click on “Continue”.

Scanning the QR code

On the following page, select the most suitable verification option from the “When I log in” dropdown menu and click on “Continue to Login”.

When I log in page

Finally, select one of the offered options to verify your account.

Selecting the verification method type

Once you are verified, you will be logged in to your Magento Admin Dashboard automatically and you are all set.

Enabling Authy 2FA

Authy is a free Two-Factor authentication app available from the Google Play Store and the iOS App Store; along with Google Authenticator, it is one of the most popular 2FA apps. To enable it, expand the “General” section, make sure “Enable Two Factor Auth” is set to “Yes” and select “Authy” from the “Force providers” list.

Authy General section

Afterward, expand the “Authy” section and select “Yes” from the “Enable This Provider” dropdown menu. You will also need to enter the “API key”, which you obtain by creating a Twilio account (the Authy API is provided by Twilio). Once your Twilio account is created, navigate through the left menu bar to All Products & Services > Authy, select “Applications” and add a new one. Copy the application's “Production API Key” and paste it into this field. As with Duo, this key authorises your store to send verification requests on your behalf, so keep it out of screenshots and shared documents.

You will also need to choose whether authentication is required on every login. Select “Yes” from the “Enable "trust this device" option” if you want users to be able to mark a browser as trusted and skip the code on later logins from it; select “No” to require a code on every login.

The “OneTouch Message” option lets you enter the text shown in the Authy OneTouch push notification when a login approval is requested (for example, the name of your store), so that users can recognise which login they are approving.

Entering Authy API key

Once you have entered all the required details, click on the “Save Config” button.

Afterward, you will be redirected to a new page where you need to select your country, enter your phone number, choose the verification method you prefer and click on “Continue”.

Authy Country and Phone number page

Afterward, enter the verification code you have received on your mobile device and click on “Verify”.

Entering the Verification code

After you verify successfully, you are all set.

If at some point you run into difficulties with 2FA on your Magento store (a lost phone, a provider that no longer works), you can disable it globally from the command line. Run the following from the Magento installation root, logged in as the owner of the Magento files:

php bin/magento msp:security:tfa:disable

Note that this switches the second factor off for every admin account, so re-enable it as soon as the underlying problem is fixed. The MSP module also offers a narrower recovery, the msp:security:tfa:reset command, which takes a username and a provider code and clears only that user's enrolment for that provider, leaving the protection in place for everyone else.

Neither command needs special permissions on the “magento” file (Magento installation root > bin > magento). Invoked through php as shown above, the file only has to be readable; if you prefer to run bin/magento directly, it must be executable, which 0755 provides. Do not set it to 0777: a world-writable script that the site owner executes lets any other local account on the server change what that script does. If you hit permission problems, check that you are running the command as the owner of the Magento files (visible in the “File Manager” in your cPanel account, or with ls -l on the command line), and contact our Technical Support Staff if you need further assistance.
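Before running either command, here is an added Python guard (not the page's or the Magento module's own code) that refuses to invoke bin/magento when it is group- or world-writable, not a regular file, or not owned by the account running it, and that builds either the global disable command or the per-user reset. The Magento root path, the username and the provider code in the usage comments are placeholders; the provider code "google" is assumed for the Google Authenticator provider, and the MSP module's `msp:security:tfa:providers` command lists the codes actually available on your installation.

```python
import os
import stat
import subprocess
import tempfile
from pathlib import Path
from typing import List, Optional

# Bits that must NOT be set on a script the site owner executes: group- or
# world-writable means anyone in that group, or any local user, can replace
# its contents and have the owner run them.
UNSAFE_WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH
RECOMMENDED_MODE = 0o755


def check_magento_binary(path: str, expected_uid: Optional[int] = None) -> List[str]:
    """Return the reasons bin/magento should not be run; an empty list means go ahead."""
    problems: List[str] = []
    p = Path(path)
    if not p.is_file():
        return [f"{path} is missing or not a regular file"]
    st = p.stat()
    if stat.S_IMODE(st.st_mode) & UNSAFE_WRITE_BITS:
        problems.append(
            f"{path} is group/world-writable ({stat.filemode(st.st_mode)}); "
            f"fix with chmod {RECOMMENDED_MODE:o}, never 0777"
        )
    if expected_uid is not None and st.st_uid != expected_uid:
        problems.append(f"{path} is owned by uid {st.st_uid}, expected {expected_uid}")
    return problems


def build_tfa_command(magento_root: str, action: str,
                      username: Optional[str] = None,
                      provider: Optional[str] = None) -> List[str]:
    """Build the CLI invocation. Going through `php` means the file only needs
    to be readable, so no execute bit (let alone 0777) is required.
    action: "disable" (global, every admin) or "reset" (one user's one provider)."""
    magento = str(Path(magento_root) / "bin" / "magento")
    if action == "disable":
        return ["php", magento, "msp:security:tfa:disable"]
    if action == "reset":
        if not username or not provider:
            raise ValueError("reset needs a username and a provider code")
        return ["php", magento, "msp:security:tfa:reset", username, provider]
    raise ValueError(f"unknown action {action!r}")


def run_tfa_command(magento_root: str, action: str, **kwargs) -> int:
    """Refuse to run if the binary fails the checks; otherwise execute it as the
    current user, from the Magento root (run this as the Magento file owner)."""
    magento = str(Path(magento_root) / "bin" / "magento")
    problems = check_magento_binary(magento, expected_uid=os.getuid())
    if problems:
        for problem in problems:
            print("refusing to run:", problem)
        return 1
    cmd = build_tfa_command(magento_root, action, **kwargs)
    return subprocess.run(cmd, cwd=magento_root).returncode


def make_fixture(mode: int) -> str:
    """Create a throwaway fake Magento root with a bin/magento of the given mode.
    Constructed for demonstration only; it is not a real installation."""
    root = tempfile.mkdtemp(prefix="magento-demo-")
    binary = Path(root) / "bin" / "magento"
    binary.parent.mkdir()
    binary.write_text("#!/usr/bin/env php\n<?php // placeholder, not Magento\n")
    os.chmod(binary, mode)
    return root


if __name__ == "__main__":
    for mode in (0o777, RECOMMENDED_MODE):
        root = make_fixture(mode)
        result = check_magento_binary(str(Path(root) / "bin" / "magento"))
        print(f"mode {mode:o}:", result or "ok")
    # Real use (path, username and provider code are placeholders):
    #   run_tfa_command("/var/www/magento", "reset", username="admin", provider="google")
    #   run_tfa_command("/var/www/magento", "disable")
```

The owner check matters as much as the mode check: running bin/magento as root or as a different account than the one that owns pub/ and var/ is the usual way cache and log files end up with the wrong owner, which breaks the store in ways that look unrelated to 2FA.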

 

As you can see, enabling each of the 2FA methods is quite simple and straightforward. We hope you have found our guide easy to follow and have successfully configured Two-Factor Authentication on your Magento store. You are always welcome to contact our Support Team if you experience any difficulties during the configuration.



Sebahat
Content Marketing Specialist

Sebahat is a young and bright woman who has become an invaluable part of our team. She started as a Customer Care Representative, mastering that role and, along the way, growing into a tech-savvy individual who is well acquainted with every support layer of the company. Driven by her aim to improve our customers’ experience constantly, she is committed to enhancing the extraordinary support we deliver.