Using Two-Factor Authentication with Magento & Adobe Commerce

Author: Alex Ashman
Published: February 21, 2023

Using Two-Factor Authentication (2FA) with Magento is necessary for security because it adds an extra layer of protection to the authentication process. 

For regular admin access to Magento, users are required to enter a username and password to access their account. However, this method can be vulnerable to brute force attacks or password guessing, especially if users are not using strong and unique passwords. 

Typically, Google’s reCAPTCHA can be enabled on the admin login page and the login URL can be changed from /admin. Both provide some protection, but 2FA provides a significant improvement to your site’s security.

Why do you need to enable Two-Factor authentication?

2FA adds a second layer of authentication by requiring users to provide an additional piece of information to verify their identity. Typically, this second factor is something that the user has, such as a mobile device, token, or security key. 

By requiring this additional piece of information, even if an attacker manages to obtain the user's password, they would still need access to the second factor to gain access to the account.

How 2FA can protect your Magento website

In the case of Magento (either Open Source or Adobe Commerce versions), 2FA can help protect sensitive customer and payment data, which is critical for any eCommerce platform. 

By using 2FA, Magento store owners and administrators can add an extra layer of security to their accounts, making it more difficult for attackers to gain access to sensitive information. 

This can help protect against attacks such as phishing, brute force attacks, and password guessing, which are common methods used by attackers to gain unauthorised access to accounts.

Using Google Authentication to protect your Magento website

One popular and widely used option for implementing 2FA in Magento is Google Authentication. 

It is a free service provided by Google, and it works by using a mobile app, such as Google Authenticator or Authy, to generate a one-time code that is used in combination with the user's password to authenticate the user. 

Once enabled, the user would be prompted to enter a one-time code from the app in addition to their username and password when logging in to their Magento account. This helps ensure that only authorised users with access to the linked mobile device can access the account, making it more secure.

How to enable Two-Factor Authentication on your Magento website

Here’s how Two-Factor Authentication can be enabled on Magento Open Source and Adobe Commerce:

  1. Check that the Two-Factor Authentication module is enabled in your Magento store. If you haven't set up 2FA before, the module has likely been disabled, and your Magento development agency or internal team should re-enable it for you.
  2. Log in to your Magento admin panel and navigate to your user account settings by clicking on "Account Settings" in the top right-hand corner of the screen.
  3. Click on the "Security" tab and then click on the "2FA" tab.
  4. Under the "Two-Factor Authentication" tab, select "Google Authenticator" as your 2FA provider.
  5. Download and install the Google Authenticator or Authy app on your mobile device if you haven't already done so.
  6. Open the app on your mobile device and scan the QR code displayed on the Magento admin panel.
  7. Once you've linked your account to the app, a verification code will be generated in the app. Enter this code in the "Verification Code" field on the Magento admin panel.
  8. Click "Save" to enable Two-Factor Authentication with Google Authentication.
  9. The next time you log in to your Magento account, you will be prompted to enter a verification code from your Google Authenticator app after entering your username and password.
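
What happens behind the QR scan and the verification code in the steps above, as an added example (not Magento's or magic42's code): Google Authenticator and Authy generate time-based one-time passwords (TOTP, RFC 6238) from a shared secret carried in the QR code. The function names, the account and issuer values and the replay bookkeeping are illustrative assumptions; the secret is the public RFC test key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

STEP = 30    # seconds each code is valid for (authenticator-app default)
DIGITS = 6
# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def hotp(secret_b32, counter):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def provisioning_uri(secret_b32, account, issuer):
    """The otpauth:// URI that the setup QR code encodes."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits={DIGITS}&period={STEP}")

def verify(secret_b32, code, last_used_step, now=None, window=1):
    """Return the matched time step, or None if the code is rejected.

    Tolerates +/- `window` steps of clock drift and refuses any step at
    or before `last_used_step`, so a captured code cannot be replayed.
    """
    current = int(time.time() if now is None else now) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret_b32, step).encode(), code.encode()):
            return step
    return None

if __name__ == "__main__":
    print(provisioning_uri(SECRET, "admin", "Example Store"))
    step = verify(SECRET, "287082", last_used_step=-1, now=59)
    print("first use accepted at step", step)
    print("replay:", verify(SECRET, "287082", last_used_step=step, now=59))
```

Anyone who obtains the secret or a photo of the QR code can generate valid codes, so the setup screen should be treated as sensitive as the password itself.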

Disabling Two-Factor Authentication

There are a number of legitimate reasons why a business might not want to have 2FA enabled. For example, it may cause issues with integrations (we’ve seen this with some of our clients and their bespoke ERPs), or internal teams may not have access to a “work” mobile phone on which to use the Google Authenticator app.

To disable the module:

  1. In your Magento admin, go to Stores > Configuration > Security > 2FA
  2. Select the “General” tab and set “Enable 2FA” to “No”, which will disable 2FA on your admin screen.
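
Since 2FA can end up switched off, a deployment check that reports the module's state is useful. The following is an added example, not magic42's or Adobe's code: it reads the `modules` array of `app/etc/config.php` and reports whether the core `Magento_TwoFactorAuth` module (Magento 2.4 and later) is enabled, disabled or absent. The sample file content is constructed, and the check covers the module state from step 1 of the enabling procedure, not the admin setting described above.

```python
import re

# Core 2FA module name in Magento 2.4+; extend with any others you rely on.
TFA_MODULES = ("Magento_TwoFactorAuth",)

# Constructed sample of app/etc/config.php with the module switched off.
SAMPLE_CONFIG = """<?php
return [
    'modules' => [
        'Magento_Store' => 1,
        'Magento_Backend' => 1,
        'Magento_TwoFactorAuth' => 0,
    ],
];
"""

def module_states(config_php):
    """Map module name -> bool from the 'modules' array of config.php."""
    block = re.search(r"'modules'\s*=>\s*(?:\[|array\s*\()(.*?)(?:\]|\))",
                      config_php, re.S)
    if block is None:
        return {}
    entries = re.findall(r"'([A-Za-z0-9_]+)'\s*=>\s*([01])\b", block.group(1))
    return {name: flag == "1" for name, flag in entries}

def audit_2fa(config_php, required=TFA_MODULES):
    """Report 'enabled', 'disabled' or 'missing' for each required module."""
    states = module_states(config_php)
    report = {}
    for name in required:
        if name not in states:
            report[name] = "missing"
        else:
            report[name] = "enabled" if states[name] else "disabled"
    return report

if __name__ == "__main__":
    for module, state in audit_2fa(SAMPLE_CONFIG).items():
        print(f"{module}: {state}")
```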

Looking for Magento security advice?

If you have any questions regarding your Magento website and your platform security, do get in contact with us and we will be happy to answer any questions you may have. 

magic42 is a UK-based eCommerce development agency, born from an award-winning retailer. Having grown with the industry since the year 2000, we provide our unique perspective to help clients get the best from their eCommerce platforms.