How to Setup Two Factor Authentication in Magento 2

In today’s digital age, online security is the number one concern. This is best understood through the below statistic.

[Image: two-factor-authentication]

Source: Statista

Besides undermining your store’s reputation and compromising sensitive data, poor security has a financial cost. Businesses are often forced to contend with lawsuits and regulatory actions, and to step up their security. All of it consumes significant financial resources. The below statistic shows the change in fraud prevention budget worldwide.

[Image: magento-2-setup-2fa]

Source: Statista

Based on the above statistic, 75% of the consumers expressed a willingness to increase their budget due to the ever-evolving threat of cyberattacks and fraud. As a business owner, you could have used these resources in offering more products, improving service quality, and adding new features to the website.

So, what’s the best way to improve your store’s security? Simply setting up two-factor authentication (2FA) goes a long way in improving your store’s security. The best thing is that it requires neither technical expertise nor substantial resources. All you need to do is follow our guide on how to set up 2FA in Magento 2.

Before we list the steps, let’s ask a quick question.

Is Two-Factor Authentication Really Helpful in Protecting your Magento 2 Store?

Whenever we ask merchants to set up 2FA, they simply roll their eyes, thinking what good it will do against a growing list of threats. Our answer is that 2FA is one of the most inexpensive but highly effective ways to boost online security. Even if your password is compromised, no one can log in unless they have the secondary code.

If you don’t believe us, consider the below statistic.

[Image: protect-your-magento-2-store]

Source: Statista

The above statistic is not a response to some generic question. Instead, the nearly 2000 participants work for online merchants with more than US $50 million in revenue. More importantly, the participants are anti-fraud professionals. If they are saying that 2FA is the best way to improve your store’s security, there’s no reason to doubt this suggestion whatsoever.

Now, let’s focus on setting up 2FA in Magento 2.

Setting up Two Factor Authentication in Magento 2 – Step by Step Guide

Step 1 > The first thing you need to do is connect to your server using the SSH Terminal.

Step 2 > Navigate to the Root Directory and type in the following command:

composer require msp/twofactorauth:3.0.0

This will install the 2FA module.

Step 3 > Once the installation is complete, you need to enable the module by using the below commands:

php bin/magento module:enable --all

php bin/magento setup:upgrade

Step 4 > To be on the safe side and avoid any issues, we recommend clearing the cache. There are three ways to clear the cache in Magento 2. The simplest way to do so is using the Magento Command Line and entering:

php bin/magento cache:flush

php bin/magento cache:clean

Step 5 > This step involves installing an authenticator such as Google Authenticator, Duo Security, U2F Devices, or any other. For this guide, we will select Google Authenticator. Don’t use more than 1 authenticator since it can complicate things, and you will need to enter the security code from each. Go to the Magento 2 Admin Panel > Stores > Configuration > Security > 2FA.

Step 6 > Expand the General Section by clicking on the downward arrow next to it on the right side. You will get this window:

[Screenshot: enable-2-factor]

In the Enable Two Factor Auth section, set it to ‘Yes’ and then select Google Authenticator in the Force providers option.

Step 7 > You have two more options to configure as shown below:

[Screenshot: enable-google-authentication]

For the ‘Enable trust this device’ option, we leave the configuration up to you. If you want users to provide the 2FA code every time, disable it. If not, then turn it to ‘Yes’ as we have done.

Step 8 > Click on ‘Save Config’ to save the settings.

Step 9 > Log out from the Admin Panel.

Step 10 > Install the Google 2FA app on your smartphone and then log in to your Magento 2 admin panel. Once you enter your username and password, a QR code will pop up which you’ll need to scan from your smartphone. Now, enter the code to complete the sign in process.

Final Thoughts on Setting Up 2FA in Magento 2

This concludes our article on how to set up 2FA in Magento 2. If you have any questions, reach out to our support team. Remember, passwords are easy to crack using advanced techniques. 2FA adds an extra layer of security which is nearly impossible to exploit, ensuring your store is secure against unauthorised access.

To further strengthen your store’s security, we recommend preventing fake registrations using FME’s Magento 2 Restrict Fake Registration Extension. The extension allows you to restrict registrations based on email domains, IP addresses, special characters, character limits, and more.
