If you are looking for the most efficient way to protect your Magento 2 or Magento 1 admin from unauthorized logins and fraudsters, then you’ve come to the right place: below, we describe how to achieve this goal with the help of the Two-Factor Authentication Magento 2 and 1 extension by Xtento. After installing the module, you will no longer have to fear that someone could log into your ecommerce store admin and steal order, customer, and other sensitive data. In the following post, we show how it is possible.
Two-factor authentication adds an additional security level to the login procedure: a new step for accessing the admin interface. In addition to username and password, you have to enter a so-called security code, which is a one-time password (OTP) generated by a smartphone. Since each code is valid for 30 seconds and can be used only once, two-factor authentication turns your Magento 2 admin into an impregnable castle. You only need to install the Xtento Two-Factor Authentication extension for Magento 2 and 1 and an appropriate mobile application.
Next time you decide to visit your Magento 2 admin, turn on a smartphone, open the Authenticator app, and enter the security code along with your login and password. The procedure remains extremely easy and user-friendly, but it dramatically increases the default security level of the Magento backend, ensuring only you are able to log in. No one else is able to generate the security code, so a malefactor needs not only to know your admin login and password, but also to get access to your mobile device. This prevents hackers from logging into your Magento 2 backend.
To set up Two-Factor Authentication for your Magento website, visit your backend and find the Users section; then, click Create Secret Key; next, you only have to scan the barcode using the Authenticator application. Now, your smartphone generates a new security code every 30 seconds, and access to the admin is possible only with the help of the code.
In order to make the module more flexible, Xtento adds a new feature to the default functionality of Two-Factor Authentication for Magento 2 and 1: now, you can disable the extra protection layer for certain IP addresses. After specifying them in the Magento admin, you can enter the backend without entering a security code.
As for compatibility, Xtento Two-Factor Authentication for Magento 2 and 1 relies on the Google Authenticator application and works well with
Codes in the iPhone app have the following appearance:
And this is how you create a new account for security codes:
Scanning the barcode looks as follows:
Although Xtento Two-Factor Authentication will make your Magento backend more secure, it does not provide full protection against hackers. Note that there is a chance that someone hacks an FTP server and steals sensitive data without ever entering the Magento backend. In this situation the extension is useless.
And if your smartphone is lost, don’t forget to create a new key. You can do it in the Two-Factor Authentication tab under the ‘Users’ section of the System settings in the Magento admin. This step will prevent someone else from logging into your online store backend using your lost smartphone.
Also note that the secret key is stored on your smartphone only, so neither Google nor Xtento is able to recover it.
As for the price of the Xtento Two-Factor Authentication extension, the module costs $69.75, and it does not matter what version of the platform you use. Additional services include installation (+$43) and 2 hours of extended support (+$88).