For more details see the Two-Factor Authentication extension page.
Keep your Magento store protected from key loggers, network data sniffers, unsecured Wi-Fi connections, and other possible threats. Use security code in addition to your password to increase the security level.
To configure the extension general settings please go to System → Configuration → Amasty Extensions → Two-Factor Authentication.
Enable Two-Factor Authentication — use this option to enable or disable two-factor authentication;
Discrepancy — specify the allowed time drift in 30 second units (8 means 4 minutes before or after) for verification codes generation;
IP White List — specify IP addresses separated by commas that will be granted access without two-factor authentication.
If you are using the old Magento version, you need to replace the login.phtml file (Magento_root/app/design/adminhtml/default/default/template/login.phtml) with the attached one. Please, unzip it before replacing:
Please go to System → Permissions → Users and select a user you want to add two-factor authentication to.
Switch to the Two-Factor Settings tab. Then, tick the Two-Factor Authentication checkbox.
When done, open your Google Authenticator application and register the login by scanning the QR Code or entering the Secret Key. Once your Google Authenticator application is properly configured it will show a one- time passcode that changes every 30 seconds. Fill it in the Security Code field, and click the Check Code link.
The status should change to Verified.
Now, press the Save User button. If the entered verification code is correct the form will be saved. The user will now be required to enter one-time security code when logging in to admin panel.
When the verification returns the Invalid value, you can fix this by modifying the Discrepancy value in the extension general settings.
Try increasing the value by 1, save changes, and try the verification procedure once again. If you'll face the Invalid value again, please, try to increase a discrepancy one more time.