Two-Factor Authentication (2FA) for Magento 2


Magento Two-Factor Authentication will protect your store from insecure Internet connections (Wi-Fi, mobile), key loggers, and more. Every time you log in to your website, there is a chance that someone is sniffing or logging the password, which can later be used to log in to your store and wreak havoc. You can protect your store from these attacks by using our advanced Magento Two-Factor Authentication, which uses Google Authenticator and your smartphone to authenticate your admin session.

  • Secure Login to your Magento Backend
    With our Two-Factor System you will need to enter a time-based passcode when logging in to Magento. This passcode changes every 30 seconds, so even if someone knows your password, they will not be able to log in to your backend.
  • Rate Limit Login Attempts
    Limit the number of allowed attempts for a given IP address in order to prevent brute force attacks against your admin panel.
  • Secure Against Advanced Connection Sniffing
    With most time-based passcodes, it is possible to log in if your user credentials and passcode can be sniffed and entered within 30 seconds. With our secure setup, a passcode can be used only once, so even if both your password and passcode are sniffed, they cannot be used to log in.
  • Secure Against Key Logging
    If you log in from a computer that is logging keyboard input, then your password is at risk. With Two-Factor Authentication, it will not matter if your password is stolen, as the attacker will also need to know your time-based passcode, which changes every 30 seconds and can only be used successfully once before it expires.
  • Logging of Login Attempts
    Failed login attempts, including IP address, time, passcode used, etc., are logged so that you can review whether someone is trying to brute force your login system.
  • IP Address White Listing for Verification Code
    Some IP addresses (such as the office IP) may be trusted and not require entering the verification code. This is easy to accomplish with our flexible IP white list rules.
  • Flexibility in Authentication Requirements
    Each admin account can have various levels of security requirements. You can set an account to require a password only, a passcode only, or both the password and passcode. This way you can use one account when logging in from trusted networks and use another admin account when logging in from untrusted networks.
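
The single-use rule described under "Secure Against Advanced Connection Sniffing" can be enforced by remembering the last 30-second time step accepted for each account. The following is an added example, not the extension's own code: `OneTimeTotpVerifier`, the in-memory dictionary and the one-step drift window are assumptions for illustration, and the key is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct, time

STEP = 30    # seconds per passcode, as stated on the page
DIGITS = 6   # Google Authenticator default
WINDOW = 1   # assumption: tolerate +/- one step of clock drift

def totp(secret_b32, counter):
    """RFC 6238 passcode (HMAC-SHA1) for one 30-second time step."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class OneTimeTotpVerifier:
    """Hypothetical verifier: each time step is accepted at most once."""

    def __init__(self):
        # account -> highest time step already accepted
        # (assumption: a real deployment keeps this in persistent storage)
        self.last_used = {}

    def verify(self, account, secret_b32, code, now=None):
        current = int(time.time() if now is None else now) // STEP
        for counter in range(current - WINDOW, current + WINDOW + 1):
            if counter <= self.last_used.get(account, -1):
                continue  # this step, or a later one, was already consumed
            expected = totp(secret_b32, counter)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_used[account] = counter
                return True
        return False

def demo():
    # Constructed sample: RFC 6238 test key and test time (t = 59 s)
    secret = base64.b32encode(b"12345678901234567890").decode()
    verifier = OneTimeTotpVerifier()
    code = totp(secret, 59 // STEP)
    first = verifier.verify("admin", secret, code, now=59)
    replay = verifier.verify("admin", secret, code, now=64)  # sniffed, reused 5 s later
    return code, first, replay

if __name__ == "__main__":
    print(demo())
```

A plain time-based check would accept the replayed code at t = 64 s because it is still inside the drift window; tracking the last accepted step is what rejects it.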

