For a Magento 2 store, security is one of the most important concerns. Every time an admin signs in to the dashboard, the store needs a more secure method than a password alone, which is an obsolete way of protection. To enhance system security in general, people have invented various multi-layered security methods that partly reduce the risk of unauthorized access. One of them is two-factor authentication, which is also applied in the Magento security system. In recent years, Magento store owners have preferred Google Authenticator because of its popularity and convenience.
This blog will guide you through how to set up and use Magento 2 two-factor authentication for the first Magento admin sign-in. Here we go!
I. What is Two-Factor Authentication?
When it comes to the definition of two-factor authentication, I think no one can put it better than Wikipedia:
“ Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are. A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly-generated and constantly refreshing code which the user can use.
Two-step verification or two-step authentication is a method of confirming a user’s claimed identity by using something they know (password) and a second factor other than something they have or something they are.”
Specifically, in this case the two factors used to verify a login attempt are a password and the scanning of a QR code with a third-party device. Below are the steps to configure 2FA in the Magento admin.
II. How to Set up Magento 2 Two-Factor Authentication
Step 1: Set up Magento 2 Two-Factor Authentication
In the Admin dashboard, navigate to Stores > Settings > Configuration.
Expand Security, then select 2FA.
Expand the General section and choose Magento Google Authenticator in the Provider to use field. If you use the default setting (by clicking Use system value), Magento will take Google Authenticator as your default provider.
- Note: You can choose any 2FA provider you want, but in this tutorial we focus only on Google two-factor authentication.
Next, below the General section, expand the Google section. This is where you determine how long the one-time passwords are valid. The default value is 60, which means the OTP value will be changed every 60 seconds.
Now click Save Config and move on to the next steps.
Optimize Your Magento Store With Powerful Extensions
Looking for fast, efficient and well-coded extensions to build or optimize your Magento stores for sales boosting? Then visit Magezon website and grab necessary add-ons for yours today!
Step 2: Use Google Authenticator
After you sign in to the Magento admin, you will see a new authenticator screen with a QR code, like the image below.
There are 3 ways for you to verify your account.
Method 1: Scan QR code using your smartphone
- First, install the Google Authenticator app on your mobile.
- Open the Google Authenticator app and tap the + button in the lower right corner of your phone screen. Then choose the Scan QR code option.
- Point the camera so that the QR code from the authenticator screen sits inside the red box.
- After the recognition process, the Google Authenticator app will show you a 6-digit code. Enter the code in the Authenticator code field.
- Hit the Confirm button.
Method 2: Scan QR code using your web browser
- Install the Google Authenticator extension on your browser.
- Click the Authenticator icon in the toolbar and capture the page.
Method 3: Enter QR code manually
As in the first method, open the Google Authenticator app and hit the + button. Instead of choosing Scan QR code, select Manual Entry. Then enter the email address associated with your Magento admin account, and paste the QR code string into the Key field.
That’s it. From now on, you are not required to repeat that complicated process. Each time you sign in, just open the Google Authenticator app or extension and take the 6-digit code it shows as the second factor of 2FA, like the image below:
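How the 6-digit code relates to the key entered in Method 3 and to the lifetime setting from Step 1, as an added Python example (not Magento's or Google's code): it implements standard TOTP (RFC 6238, HMAC-SHA1, 30-second step) and a verifier whose `validity_seconds` parameter is a hypothetical stand-in for the lifetime setting. `SAMPLE_KEY` is the published RFC 6238 test secret, not a real store key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6     # code length shown by the authenticator app

# Constructed sample: Base32 form of the RFC 6238 test secret.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app would show at unix_time."""
    # Manual-entry keys are Base32; tolerate spaces and lower case.
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, now: int, validity_seconds: int) -> bool:
    """Accept a code from the current step or from as many earlier
    steps as fit in validity_seconds (hypothetical lifetime setting)."""
    for i in range(validity_seconds // STEP + 1):
        t = now - i * STEP
        if t < 0:
            break
        expected = totp(secret_b32, t)
        # Constant-time comparison avoids leaking matching digits.
        if hmac.compare_digest(expected.encode(), code.encode()):
            return True
    return False


if __name__ == "__main__":
    now = 1111111111
    previous_code = totp(SAMPLE_KEY, now - STEP)
    print("current code:", totp(SAMPLE_KEY, now))
    print("previous code, lifetime 0s:", verify(SAMPLE_KEY, previous_code, now, 0))
    print("previous code, lifetime 60s:", verify(SAMPLE_KEY, previous_code, now, 60))
```

A longer lifetime makes sign-in more tolerant of clock drift, but it also lengthens the time during which an observed code is still accepted.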
Wrap it up
To prevent unauthorized access, multi-layered security is an important part of the admin sign-in process. We hope that after reading this tutorial you have a deeper understanding of Magento 2 two-factor authentication and can upgrade your store security.
Along with these useful Magento 2 tutorial blogs, we also provide you with world-class Magento 2 extensions and plugins that help empower your web store. So check it out!