Magento is popular as one of the most powerful eCommerce platforms, and security is also one of the strong points of Magento 2. The Magento admin has access to sensitive information about the store, including orders and customer data.
Why Do You Need Two-factor Authentication (2FA)?
As mentioned above, the Magento admin has access to sensitive information and control over the entire store. Furthermore, there is a chance of rendering the store dysfunctional if one does not know what he/she is doing in the backend.
Therefore, it is essential to prevent unauthorized access to your Magento store to ensure the safety of the store and its sensitive data. Magento 2 comes equipped with two-factor authentication (2FA), which lets you add a second verification step so that only authorized admins can sign in to your store.
Different Types of 2FAs in Magento 2
Magento 2 goes a step ahead by providing you with multiple options to choose from when it comes to two-factor authentication. Magento 2's two-factor authentication supports the following.
- Google Authenticator
- Duo Security
This means you can use OTPs (One-time Passwords), although that would mean you'd have to install an app that can generate the OTPs. Similarly, U2F (Universal 2nd Factor) is also a popular choice: a hardware key that verifies your identity without a typed code.
Superior Security With Magento 2
The Magento 2 platform enables you to use one or more two-factor authentication solutions, and even though multiple solutions are supported, you only need one to sign in. Furthermore, the solution you opt to use applies to all websites and stores associated with your Magento installation.
Configuring 2FA in Magento 2
The first question on your mind after learning about two-factor authentication in Magento 2 is how you can access and configure the 2FA settings. In this section, we'll explain just that. You first need to access the 2FA settings, where you can choose your preferred solution.
You need to follow the below steps from the Admin sidebar to configure your 2FA.
Stores → Settings → Configuration
Once you have reached the configuration page, click Security in the left panel and choose 2FA. The window shown below opens, and from there you can select your preferred 2FA solution.
This is the General section, which lets you pick one or more providers for your two-factor authentication. To select multiple providers, hold down the Ctrl key (PC) or Command key (Mac) and click on the ones you want. Once completed, click the “Save Config” button.
Following the steps above, you can easily enable Google Authenticator as your 2FA solution. But that's not all; once you have enabled 2FA with Google Authenticator, you (the admin) will be logged out, and a QR code will be displayed on the screen.
- You will need to scan the QR code to register your device.
- After scanning the QR code with the Google Authenticator app, you receive a six-digit code.
- Enter the six-digit code and then click the Confirm button.
- Successful authentication will then take you to the Magento 2 Admin dashboard.
Furthermore, you can also change how long the OTP remains valid during sign-in. This is easily accomplished by clearing the Use system value checkbox and specifying the time during which the OTP will be valid.
Once you have completed the above steps, your device is registered for 2FA, making your Magento store more secure than ever.
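To show what happens behind the QR code and the six-digit code described above, here is an added example (not Magento's own code) that implements the RFC 6238 TOTP scheme Google Authenticator uses and checks a submitted code against a configurable validity window. The secret is the constructed RFC 4226/6238 test key; the issuer and account names are placeholders.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

# Constructed demo secret: the RFC 4226/6238 test key "12345678901234567890",
# base32-encoded as it appears in the otpauth:// URI behind the QR code.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30   # time step used by Google Authenticator
DIGITS = 6          # the six-digit code the admin types in


def provisioning_uri(secret_b32, account, issuer="Magento"):
    """Content of the QR code the admin scans (Key URI format)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP_SECONDS}")


def totp(secret_b32, unix_time, step=STEP_SECONDS, digits=DIGITS):
    """RFC 6238: HMAC-SHA1 over the time counter, dynamically truncated."""
    key = base64.b32decode(secret_b32.upper(), casefold=True)
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, step=STEP_SECONDS):
    """Accept the code for the current step and `window` steps either side.

    The window tolerates clock drift between phone and server, but every
    extra step keeps a code usable 30 seconds longer; that is the trade-off
    behind the OTP validity setting in the 2FA configuration. A production
    verifier should also refuse a code that was already accepted.
    """
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return False
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, unix_time + drift * step, step)
        if hmac.compare_digest(candidate, submitted):  # constant-time compare
            return True
    return False
```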
If you choose Duo Security as your preferred 2FA solution, you'll have to set it up by providing the credentials listed below. After choosing Duo Security for your 2FA, the window shown below must be filled in with these credentials, which you can obtain from your Duo Security account.
- Integration key
- Secret key
- API hostname
Although the process involved is pretty straightforward, most leading companies prefer the touch of an expert like Virtina when setting up 2FA.
Similar to the process we saw in the case of Duo Security, a window that needs to be filled in pops up after choosing Authy as your preferred two-factor authentication solution. However, unlike Duo Security, you need not provide multiple credentials but just one: the API key from your Authy account.
Once you select Authy as your 2FA, you'll be taken to the window shown above.
- Provide the API key from your Authy account.
- You may change the default message that appears during authentication here.
- Clear the “Use System Value” checkbox and then enter the “OneTouch Message” you want to display.
U2F Devices (YubiKey and Others)
When you choose U2F for your two-factor authentication, all it asks for is the WebApi Challenge Domain. The following window appears when you select U2F as the preferred 2FA solution.
By default, the store domain is used during the authentication process. But if you want to use a custom domain for the WebApi, you can simply clear the “Use System Value” checkbox and then enter the WebApi Challenge Domain.
Maintaining your eCommerce store or website's security is essential, and there is no cutting corners when it comes to security. Magento 2 is one of the platforms capable of providing out-of-the-box solutions.
Magento 2 comes equipped with an advanced two-factor authentication system that supports multiple solution providers, including Google Authenticator. To protect the business and its confidential data, you need to have the necessary security measures in place, and Magento 2 makes it easy and simple.