Screenshots

Icon Money Back

60-day Money Back

Icon updates

Frequent Update

Icon Support

365-day Support

Two-Factor Authentication for Magento 2

v4.0.4

Magento 2 Two-Factor Authentication extension is the effective solution with the latest advancement to help e-commerce business increase system security and be better protected from unauthorized access.

Total price:

FREE

Magento 2 Two-Factor Authentication for Magento 2.3.x, 2.4.x CE/EE/B2B/Cloud/ Adobe Commerce 2.3.x, 2.4.x

Problems

It has become easy to steal users credentials using key loggers, phishing attacks, viruses etc. Many stores are attacked due to the the low security of admin accounts. Meanwhile, in Magento 2 default, the process to sign in admin account is quite simple using username and password. Therefore, the account information is likely to be vulnerable to malicious stealing activities.

In some cases, store owners would like to set specific access right to different admins: less or more authentication.

Solutions

Magento 2 Two-Factor Authentication extension provides an extra layer using authentication code is required when there is any login attempt to admin panel. This second factor strengthens the defense wall of admin accounts and keep safe for store confidential data.

Employees taking up admin roles can use personal mobiles to verify access easily while keep ensuring security for their stores as well as sensitive business data. As a result, administration job becomes more professional and secured.

Moreover, store owners can save security cost on using any assistance software or resetting password thanks to the support of two authentication factor. This is the great beneficial feature of 2FA.

How to Configure Magento 2 Two-Factor Authentication

Two-Factor authentication to access admin account

Magento 2 Two-Factor Authentication (2FA) requires admin users to pass two verification steps to access store data. The first step is simple with the password and username and the second step is much more secured with unique authentication code. Any steps fails to pass, the admin users will fail to access. As a result, the store data is protected safely.

Mobile authentication app integration is well supported in this extension. The apps such as Authy, Google Authentication will create a confirmation code to help admins account to register 2FA after scanning QR or using manual key. After successfully registering, a unique code which will be provided by the apps for 2FA verification every time an admin logs in.

No requirement if being trusted

One of the most noticeable feature of this extension is setting trusted device function. In case the admin would like to avoid the verification being repeated every time signing in, it is easy to set the account as the trusted device within a specific time period (e.g.,30 days, 60 days).

It is very easy to enable trusted device and set the trusted time by days from the extension configuration section. Then after the first time confirming the account successfully, as long as within the trusted time, the second verification is not required for the next login times. With this feature, it is time-saving for key store admins whose accounts are believed to be reliable.

Trusted device list

It is easy to manage all trusted verified admin roles by the Trusted Device list. The information of logged users are recorded clearly with the following details:

tick icon
Device Name
tick icon
IP address
tick icon
Address
tick icon
Last login time

Besides, super admin or store owners can easily remove any admin accounts from the trusted device in case there is any account updates. Therefore, admin panel can be protected well from the ill-intentioned access.

AVADA Marketing Automation by Mageplaza (recommended)

All-in-one platform for email marketing that allows you to:

tick icon
Follow up and convert customers by Automation Campaigns: Welcome series, Abandoned Cart emails, Order follow up, Cross-sell, Upsell emails
tick icon
Promote your brand and quickly drive sales by sending mass Newsletter Emails
tick icon
Send your messages to the right people and increase conversions with Advanced Segmentation
tick icon
Collect leads and deliver promotions with stunning Signup Forms, and Spin to Win
Learn more

More features of Magento 2 Two-Factor Authentication

Force Using 2FA

Force Using 2FA

Enable/ Disable requiring users to register 2FA.

Trusted Time

Trusted Time

Set trusted time by days.

Reset by command line

Reset by command line

Able to reset two factor authentication for an admin by using command line

Mobile friendly

Mobile friendly

Be well responsive with mobiles, desktop, tablets, and other screen sizes.

Pricing
Choose your suitable edition

Community

Crafted for a great webstore start FREE

  • Access to free lifetime updates
  • Technical support is NOT included - please buy support package if needed
  • Read our policies
  • Supports for Magento 2 Community Edition

Enterprise/ Magento Cloud

Great for an enterprise solution $ 200 first year

  • Free updates within subscription time
  • Free support within subscription time
  • Read our policies
  • Supports for Magento 2 Enterprise Edition
  • Highest priority support

Full features list

Frequently Asked Questions (FAQs)

Kindly follow this guide. Firstly, turn off Forcing to use 2FA function. Then the admin accounts which is not set as trusted device and turn on 2FA will have to use 2FA.

Yes, you can easily see from admin backend and click on remove button to do any removing accounts.

There are two steps. The first is simple with username and password, the second is authentication code provided by the mobile authentication app

We recommend you use Authy and Google Authentication for the best result.

You can do by enabling the trusted device function and set the trusted time by days. Then, in the first login, click on Trust this device for x days. It can be done properly.

Reviews (6)

21 December 2022

Thanks for the support service

It works exactly as described. The after sell support service is very fast. thanks

walter -Verified Purchase
06 May 2022

Recommended

This extension makes sense if you want to protect your site. Totally recommended!

Lizzy -Verified Purchase
20 April 2022

IMPRESSIVE

Great way to protect my store. Amazingly, it's free. I'll come back for more extensions from you.

Dave -Verified Purchase
03 February 2021

Secure

This helps us to set admins and trusted devices quickly so that we don't have to worry about security issues. It's a must-have for stores with many admins. Easy to configure as well.

Jim Burton -Verified Purchase
28 January 2021

First-time customer

I wanted to find a more secure way to protect my site. Luckily to find this. The design was beautiful and surprisingly it's free. I'm looking forward to using your other extensions.

Emily Howard -Verified Purchase
12 September 2019

Perfect as always

I want to say the extension is beautiful from the design, security function, but support is the most impressive. They offer their great help when I need it. Wish that I could purchase all my extensions from Mageplaza. It is surely beyond FIVE STAR support compared to other vendors in the Magento market.

Kathryn -Verified Purchase

Leave a Review

How do you rate this product?

Your email address on Mageplaza's store

Plain text, no HTML tags.

Release Notes

  • v4.0.4 (Magento v2.3.x)

    08 November 2022

    • Compatible with Magento v2.4.5
  • v4.0.3 (Magento v2.3.x)

    01 June 2022

    • Updated google authentication library
  • v1.1.3 (Magento v2.3.x)

    01 June 2022

    • Updated google authentication library
  • v4.0.2 (Magento v2.3.x)

    16 August 2021

    • Updated labels & content
  • v1.1.2 (Magento v2.3.x)

    16 August 2021

    • Compatible with Magento v2.3.7
  • v4.0.1 (Magento v2.3.x)

    05 May 2021

    • Fixed minor bugs
  • v4.0.0 (Magento v2.3.x)

    09 September 2020

    • Compatible with Magento v2.4.0
  • v1.1.1 (Magento v2.3.x)

    28 May 2020

    • Fixed minor bugs
  • v1.1.0 (Magento v2.3.x)

    10 December 2019

    • New feature: reset 2 factor authentication by command line: bin/magento mageplaza-2fa:reset [user_name]
  • v1.0.3 (Magento v2.3.x)

    30 October 2019

    • Fixed error cannot load trusted device by IPs
  • v1.0.2 (Magento v2.3.x)

    24 October 2019

    • Fixed composer error
  • v1.0.1 (Magento v2.3.x)

    15 August 2019

    • Compatible with Magento 2.3
    • Improved UI/UX
    • Improved code style & performance
  • v1.0.0 (Magento v2.3.x)

    31 January 2019

    • Release first version

Two-Factor Authentication's Full Features

Admin account setting 2FA

  • Setting account information: User name, Email, password
  • Enable/ Disable 2FA for the account
  • Input confirmation code from authentication app
  • Use a unique authentication code for each time login
  • Click on trust this device when login to save second authentication confirmation for a specific days
  • View Trusted Device list
  • Remove an admin account from the Trusted Device list

General configuration

Why choose Mageplaza Magento 2 Two-Factor Authentication

Mageplaza provides consistent and customer-centric extensions for your Magento 2 store.

We don't sell products for one time. We provide lifetime solutions which help our customers thrive with their businesses.

innovate exchange partner
mageplaza trustpilot
follow magento coding standard
8 years ecommerce
Icon 60-day Money Back

60-day Money Back

Extensive 60-day money-back period. You love it or get a full refund no questions asked.

Icon Extensive Support Timeframe

Extensive Support Timeframe

Mageplaza provides support 16 hrs/day, 5.5 days/week to guarantee the seamless operation of our extensions on your store.

Icon Install via Composer

Install via Composer

Simple installation via composer helps you save time and eliminates technical issues during future updates.

Icon Frequent Updates

Frequent Updates

Intensive update roadmaps ensure great performance, bug-free, highly compatible, and innovative extensions.