Magento Development Basics
Symlinks in Magento 2
What is the Dependency Inversion Principle and How it is Used in Magento 2?
Magento & Dev Environment Setup
Configuration and Use LiveReload in Magento 2
Magento 2 Frontend Tools for Developers
How to Use Grunt in Magento 2?
Theme development
How to Exclude Specific JS Files from Minify?
How to Call the Helper Method in PHTML Template File?
Easiest Way to Load Your Custom JS Component in Magento 2
Theme Development Best Practices
How to Extend Existing Jquery Widget in Magento 2?
How to Add a Link in the Top Menu in Magento 2
How to Add a link in Your Account Navigation for Magento 2?
How to add non-category link to navigation menu in Magento 2?
How To Use Private Content or Sections in Magento 2?
How to Call Custom PHTML in Admin Product UI-component form in Magento 2?
How to add a static block in a sidebar column Magento 2?
How to show description of the product in wishlist phtml file?
How to Add Variables for Magento 2 Templates?
How to Create a Custom Widget in Magento 2?
How to Create a New Custom Tab in the Product Detail page in Magento 2?
Remove unnecessary link from My Account in Magento 1
Difference Between Attributes Remove and Display True|False in the Layout
Magento Customization & Extension Development
How to Override Reorder Functionality in Magento 2 by Disabling Core Plugin?
How can I Check Which Final Preference Class is Used for any Particular Class?
What are the main benefits of the all new PHP 7.2 for Magento sites?
How to Create REST API in Magento 2?
How to Configure URL Rewrites in Magento 2?
How To Use cURL In Magento 2?
How to Create a New Router in Magento 2?
Display Custom Product Price
How to Set a Custom Price Programmatically in Magento 2
How to Use a Custom Price Template in Magento 2?
CLI
How to Setup and Remove Cron Using CLI in Magento 2?
How to change the Magento 2 configuration from the CLI command?
How to check your code is compatible with PHP?
Recurring Setup Script in Magento 2
Admin Panel Configuration & Customization
How to Display a Custom Admin System Notification in the Admin Panel Magento 2?
How to Change PAD Length in Order Increment Number in Magento 2?
How to Setup Configuration Setting for a Module in Magento 2?
How to attach a file in product admin form and display attachment in product detail page in Magento 2?
How to Create system.xml Configuration in Magento 2?
How to Create a Custom Tab and Call Custom PHTML in Admin Category form in Magento 2?
How to Add a Custom Button in the Admin Product UI-component form in Magento 2?
How to Display EAV Attribute Data in Magento Custom Grid?
Add View Button in Admin Grid to Open a View Page in Slide indow in Magento 2
Translation
How to Generate a Translation Dictionary of a Module in Magento 2?
Multi Store Configuration, Store Management
How to create multiple websites in Magento 2?
How to Create and Use Language-pack Component in Magento 2?
How to Convert the Price from One Currency to Another in the Magento 2?
Store Configuration
How to setup Refer Email to a Friend in the Magento 2?
How to Set Up Magento 2 RSS Feed?
How to Send Order Email to a Custom Email Address?
How to Configure Magento 2 Swatches?
Account Page
How to Remove Unnecessary Customer Account Links in Magento 2?
Cache Management
How to Use Cache-clean.js Watcher Utility in Magento 2?
How to Add Block to Cache In Magento 2
How to Get Customer Session Data When a Cache is Enabled in Magento 2?
How to Check Customer is Logged in or Not When a Cache is Enabled in Magento 2
Category and Product customization
How to Prevent/omit Category Path from Product URL to Access The Product Page?
How to Add a Column to the Tier Price in Magento 2 Admin?
Which Search Engine I Can Choose Among the Phinx/Solr/Elasticsearch?
Taxation Setup
How to Set Up Tax Rules in Magento 2?
Shipping Method
Add Grand Total in Shopping Cart Rule Condition
How to setup Free Shipping in Magento 2?
How to Create a Shipping Method in Magento 2?
Payment Method
How to Add a Custom Payment Method to Magento 2 Checkout?
How to setup Authorize.net in Magento 2?
Checkout Customization
How to Move Telephone Field in Checkout for Magento 2 Sites?
Email Queue
How Does Email Queue Works in Magento?
Cron Scheduler
Secure Direct Access of cron.php File from the Browser
How to Install Magento SUPEE-11086 Patch
How to Enable 2FA Google Authenticator in Magento 2.3.x
Magento Application Testing
How to Generate Data for Performance Testing in Magento 2?
e-commerce
The Best Domain Extension for eCommerce – 11 Extensions to Choose From
Chapters Close

How to Enable 2FA Google Authenticator in Magento 2.3.x

blog-banner-how-to-enable-2FA-google-authenticator-in-magento-2.3.x

In this post, I will be guiding you to enable Two-Factor Authentication (2FA) in the Magento 2.3.x version.

The advantage of 2FA:

  1. Higher security for your Magento 2 Admin
  2. Lower the risk of a data breach.
  3. Give your store more value.

Let’s do it

Introduction

A user-friendly two-factor authentication was invented and patented by Indian origin: BHASKAR RAGHAV [IN] and KUNAL SHARMA [IN] for the Google Authenticator app. It is the most accepted concept today. Many mobile apps and websites are using it.

TOTP or time-based one-time password, is used by Google Authenticator, which keeps changing the password every 30 seconds. Two users can’t have the same password, and it is generated randomly.

2FA extension comes pre-installed by the latest Magento 2.3 is built by the MSP team. It is necessary that everyone must enable this out-of-box feature in the M2 Webstore and other login accounts.

How to

Register device with the Magento 2FA login

  • Login to your Magento 2 Store admin
  • On left hand side, click on Stores > Configuration link
  • On the configuration page, browse to the SECURITY > 2FA.
  • Enable the 2FA service of the one of the providers you frequently use. Like I have enabled Google Authenticator.
  • To force all users to use 2FA you must uncheck the “Use system value” of Force providers field and select the Google Authenticator.
  • After I have enabled the 2FA of Google Authenticator then admin will be logout and QR code scan page will be required to register your device.
  • Next step is to scan the above QR code from the Google Authenticator app and provide the 6 digit code in this form then click the Confirm button.
  • On success I will be redirected to the Magento 2 Admin dashboard page.
  • Now my device is registered for 2FA and feels safer now.

Login admin after Magento 2FA setup

  • When you visit the Admin login, you will be asked for username & password.
  • After the login success, you will be asked for the 6 digit number password from the Google Authenticator app.
  • Submit the correct 2FA code & you are logged in the Magento 2 admin.
  • Now you can do your admin things.

Multiple Factor Authentication Setup in 2FA

Surprisingly you can assign users their 2FA app preferences like Google Authenticator, Duo Security, Authy and U2F Devices (Yubikey and others).

Note: For this “Force providers” must check(✔) the “use system value” in the 2FA configuration page.

For that here is the real-world use case:

User Authenticator provider
Main admin Google Authenticator
Shipper Authy
Inventory users Duo Security
Managers and Marketing users U2F USB Authentication device

Disabled the 2FA code in the emergency

  • You can disable the 2FA by below command:
    php bin/magento msp:security:tfa:disable
  • Once you have deployed, tested or done admin operations then you re-enable the 2FA from the admin.

Advantages

  1. Your store is more secure from the hackers who are trying to steal sensitive data.
  2. Only 1 admin account can be shared with multiple users so you have full control over data.
  3. You can assign multiple authentication providers for each user.
  4. Before the 2FA login, an admin account shared the login details with multiple users and if anyone made changes to the data then it was not possible to identify.

Disadvantages

  1. 1 extra step is required to pass for Admin access
  2. You cannot share your admin details to users like developers working remotely. So have to create a new user for them.

    We hope you found this article insightful. Feel free to drop your comments below, and contact us for any help needed in developing the Magento store.
Previous Case Study How to Install Magento SUPEE-11086 Patch Previous
View All Blog View All Blog View All
Next Case Study How to Generate Data for Performance Testing in Magento 2? Next
Speak your Mind

Post a Comment

Got a question? Have a feedback? Please feel free to leave your ideas, opinions, and questions in the comments section of our post! ❤️

* This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You May also like

Related Blog

how-email-queue-works-in-magento

Apr 2nd, 2018

3 min to read

How Does Email Queue Works in Magento?
banner-Add-Custom-Validation-Rule-in-Magento-2

Apr 10th, 2018

5 min to read

Add Custom Validation Rule in Magento 2
banner-Secure-direct-access-of-cron.php-file-from-the-browser

Jun 5th, 2018

2 min to read

Secure Direct Access of cron.php File from the Browser

Grow your online business like 3,289 subscribers

    * This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
    envelope

    Thank You!

    We are reviewing your submission, and will be in touch shortly.