Think of a vulnerable section in your Magento e-commerce store that could prove to be a goldmine for hackers? Yes. The administration panel.
Providing hackers with easy access to tons of information, including the confidential data of buyers – your administration panel is a crucial asset you must take care of. This is when two-factor authentication from Magento helps you out.
Two-Factor Authentication in Magento 2
Two-Factor authentication in Magento 2, also known as 2FA, is an extension that helps you by improving security. It makes Magento Admin UI accessible only with two-step authentication. The extension is compatible with multiple authenticators like U2F keys, Google Authenticator, and Authy. However, the extension applies only to Admin users and doesn’t render its services to storefront customer accounts.
With 2FA, you will be able to:
- Verify the supported authentication providers from the Admin
- Reset authentication for users
- Configure authenticator settings per user account or globally
Activating 2FA in Magento
The 2FA Magento extension installs like a Core Bundled Extension (CBE) when you upgrade your current Magento version or install Magento Open Source or Commerce 2.4X.
Here are the steps you need to follow to activate two-factor authentication in Magento 2 using Google Authenticator:
- Log in to Magento admin. From the Admin sidebar, click Stores > Settings. Next, click Configuration.
- From the left panel, click Security > 2FA
- Under General, select Provider to Use. You can select more than one provider by holding down the Ctrl key on the Windows and the Command key on Mac and clicking each item.
- Click Save Config.
- Now, the next time you will log in to Magento Admin, you will be asked to configure the 2FA solution and then use it for authentication purposes.
- So, assuming you have selected Google Authenticator for this purpose. As soon as you sign in to the Magento Admin, a screen containing a QR code will pop up.
- Next, open the Google Authenticator app on your mobile, and tap the plus icon to add a new entry. Scan the QR code with your smartphone camera. You will be provided with a 6-digit code. Enter that code in the Admin Authenticator code field. This will configure the Google Authenticator.
- Now, whenever you log in to the Magento Admin, you will need to Google Authenticator on your mobile device and add the six-digit code when prompted.
The Wrap Up
As you can see, configuring two-factor authentication on Magento is simple. All you need to do is follow the right steps. Are you stuck anywhere? Or do you have any queries? Let us know in the comments below.