Shopping cart

Two-Factor Authentication for Magento 2  

Two-Factor Authentication for Magento 2
magento partner

Mageplaza Two-Factor Authentication is the effective solution with the latest advancement to help e-commerce business increase system security and be better protected from unauthorized access.

  • Second authentication to access admin account
  • Set forcing to use 2FA for specific admins
  • Set trusted device and trusted time
  • Support from mobile authentication app
  • Mobile-friendly display



60-day Money Back


Lifetime Update


365-day Support

Compatible With

CE, EE 2.1.x, 2.2.x, 2.3.x


Problems - Solutions & Applications

The necessity of extra security

  • bug_report The risk of cybercriminals

    It has become easy to steal users credentials using key loggers, phishing attacks, viruses etc. Many stores are attacked due to the the low security of admin accounts.

  • list Set access level for admins

    In some cases, store owners would like to set specific access right to different admins: less or more authentication.

  • highlight_off Limitation of Magento Default

    While in Magento 2 default, the process to sign in admin account is quite simple using username and password. Therefore, the account information is likely to be vulnerable to malicious stealing activities.

The great advantages of two-factor authentication

  • all_inbox Double protection for admin panel

    An extra layer using authentication code is required when there is any login attempt to admin panel. This second factor strengthens the defense wall of admin accounts and keep safe for store confidential data

  • mood Improve administration experience

    Employees taking up admin roles can use personal mobiles to verify access easily while keep ensuring security for their stores as well as sensitive business data.
    As a result, administration job becomes more professional and secured.

  • attach_money Saving management cost

    Store owners can save security cost on using any assistance software or resetting password thanks to the support of two authentication factor. This is the great beneficial feature of 2FA.

Two steps to access

Forcing to use Two-factor authentication Two-Factor Authentication (2FA) requires admin users to pass two verification steps to access store data. The first step is simple with the password and username and the second step is much more secured with unique authentication code. Any steps fails to pass, the admin users will fail to access. As a result, the store data is protected safely.

Support from mobile authentication apps Mobile authentication app integration is well supported in this extension. The apps such as Authy, Google Authentication will create a confirmation code to help admins account to register 2FA after scanning QR or using manual key. After successfully registering, a unique code which will be provided by the apps for 2FA verification every time an admin logs in.

Magento 2 product lables ready-to-use appealing labels

No requirement if being trusted

Two-Factor Authentication Extension for Magento 2 Apply Best-seller labels

Activate trusted device function, set trusted time One of the most noticeable feature of this extension is setting trusted device function. In case the admin would like to avoid the verification being repeated every time signing in, it is easy to set the account as the trusted device within a specific time period (e.g.,30 days, 60 days).

Quick login without authentication code in the next login It is very easy to enable trusted device and set the trusted time by days from the extension configuration section. Then after the first time confirming the account successfully, as long as within the trusted time, the second verification is not required for the next login times. With this feature, it is time-saving for key store admins whose accounts are believed to be reliable.

Trusted device list

It is easy to manage all trusted verified admin roles by the Trusted Device list. The information of logged users are recorded clearly with the following details:

  • Device Name
  • IP address
  • Address
  • Last login time

Besides, super admin or store owners can easily remove any admin accounts from the trusted device in case there is any account updates. Therefore, admin panel can be protected well from the ill-intentioned access.

Easy to customize Product Labels messages by variables in Magento 2

More features

Force Using 2FA

Enable/ Disable requiring users to register 2FA.

Trusted Time

Set trusted time by days.

Mobile friendly

Be well responsive with mobiles, desktop, tablets, and other screen sizes.

Full Features List

Admin account setting 2FA

  • Setting account information: User name, Email, password
  • Enable/ Disable 2FA for the account
  • Input confirmation code from authentication app
  • Use a unique authentication code for each time login
  • Click on trust this device when login to save second authentication confirmation for a specific days
  • View Trusted Device list
  • Remove an admin account from the Trusted Device list

General configuration

  • Enable/ Disable the extension
  • Force admins to use 2FA
  • Enable/ Disable Trusted Device
  • Set trusted time by days


  • filter_drama I am a store owner. Our store has many admins. How can I set 2FA for specific accounts only?

    Kindly follow this guide. Firstly, turn off Forcing to use 2FA function. Then the admin accounts which is not set as trusted device and turn on 2FA will have to use 2FA.

  • filter_drama Can I know the list of trusted device and remove any accounts if any changes require?

    Yes, you can easily see from admin backend and click on remove button to do any removing accounts.

  • filter_drama How many steps admin has to pass to access admin data?

    There are two steps. The first is simple with username and password, the second is authentication code provided by the mobile authentication app

  • filter_drama Which apps can I use for 2FA?

    We recommend you use Authy and Google Authentication for the best result.

  • filter_drama If I do not want to be required 2FA the next time, how can I do?

    You can do by enabling the trusted device function and set the trusted time by days. Then, in the first login, click on Trust this device for x days. It can be done properly.

Reviews (0)

Submit your review

How do you rate this product?


Your email address on Mageplaza's store


Plain text, no HTML tags.