Ways to improve your Magento security
Double your Admin panel security
Two-step authentication is a simple yet efficient way to enhance your protection. It means that to access your account, you have to prove your identity in two different ways. Besides the usual login and password, your mobile device becomes a necessary component of your authentication.
Protect your business account against fraud
As more services require a login, users become less attentive. One-factor verification may become an easy target for keyloggers and data sniffing. The extension offers you a trustworthy, present-day verification method used by key figures of the industry (e.g. Facebook, Google).
Use Google Authenticator to generate additional security code
The Google Authenticator app is a simple way to make your personal device a crucial element for accessing the Magento account. The app generates a new security code every 30 seconds, so even if your login and password were somehow compromised, there is still one more security password to get past.
Include reliable IP addresses in the white list
To exempt some IP addresses (e.g. your company's) from the double check, simply add these IP addresses to the white list in the backend settings.
Enable security code for particular admin roles individually
The Magento 2 Two-factor Authentication extension lets you configure each admin role individually. Enable the additional code for each particular person in the company.
2FA Extension: Smartphone compatibility
Check if your device is able to run the Google Authenticator application before using the extension. This Google application generates additional security codes.
Improve your Magento management experience
Log all admin actions in your web store
To get more from admin management, check our extension Admin Actions Log for Magento 2. Track all the actions by store administrators in real time. Easily monitor the log history and all the login attempts.
Allow the admins of the store to work only with particular categories and products
For more flexible work with user permissions, check out the Advanced Permission for Magento 2 extension. You can assign different role permissions for particular managers.
Magento 2 factor authentication
2-step verification is an extra layer of protection based on Google Authenticator or mobile device binding. The single-use 30-second code helps protect the Magento 2 backend against cybercriminals. Powered by the TOTP / HOTP algorithms, our 2FA plugin doubles your business data resistance against attacks.
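How a single-use 30-second code is computed and checked, including the "discrepancy" for generated codes mentioned in the 1.1.2 changelog entry, as an added example that is not the extension's own code. It is written in Python rather than the extension's PHP, and the function names, the `discrepancy` and `last_step` parameters and the sample secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid, as described on this page
DIGITS = 6   # code length shown by Google Authenticator


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now, digits=DIGITS):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, int(now) // STEP, digits)


def decode_secret(b32):
    """Authenticator apps exchange the shared secret as Base32, often unpadded."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def verify(secret, code, now, discrepancy=1, last_step=-1):
    """Return the accepted time step, or None when the code is rejected.
    discrepancy: steps of clock drift tolerated on each side of "now".
    last_step: highest step already accepted for this admin (hypothetical
    per-user state); refusing it again keeps every code single-use.
    """
    current = int(now) // STEP
    for step in range(max(0, current - discrepancy), current + discrepancy + 1):
        if step <= last_step:
            continue  # this code was already used once
        if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
            return step  # caller stores this as the new last_step
    return None


if __name__ == "__main__":
    secret = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # constructed sample
    now = time.time()
    code = totp(secret, now)
    step = verify(secret, code, now)
    print(code, step, verify(secret, code, now, last_step=step))
```

A larger discrepancy tolerates more clock drift on the phone but keeps each code valid for longer, so it should stay as small as the admins' devices allow.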
Why Do You Need 2FA?
2FA is a new layer in your Magento 2 security measures that is phasing out older protection measures, largely due to its obvious pros:
- an extra layer of user credentials/account protection;
- decreased risks of unauthorized access/system breaches;
- a wide variety of 2FA methods that suit the most discerning users: secret questions, pin codes sent to mobiles, picture confirmations, and more;
- secure access to confidential business information.
As a result, by avoiding security issues you increase user satisfaction and loyalty to your brand.
To date, more than 90% of Gmail accounts don't use 2FA (Source). This is largely due to Google's democratic approach: you can't simply force users to accept two-step authentication unconditionally. However, in 2018 we see people suffer from banal email hacking and e-commerce fraud.
What makes you think then that the problem won't affect your business? Let's take a guess: you may think that you are only just starting out as an e-business, that you personally know all the employees, and that you have a small staff who are easy to control. None of these arguments holds much water once your Admin account is hacked.
What is a Magento 2 authentication factor?
A factor is a credential that is used to verify that access is legitimate. The following 2FA factor types are distinguished:
- knowledge (it's based on a user's knowledge of something): This one is the most common method of authentication. It can be secret questions/characters/words/sentences/numeric combinations/etc.;
- possession (it's based on a user's possession of something): The method implies a secret key that is possessed by only one user. One of the most widely used examples is a security token (disconnected/connected/software/etc.);
- inherence (it's based on a user's biometric characteristics): These are a user's fingerprints, face, voice, iris recognition, typing dynamics and others. The factor is justly considered one of the safest.
Our Magento 2 factor authentication uses a 30-second Google Authenticator code generated on your mobile device.
Magento 2 Step Authentication: Pros and Cons
Pros:
- double business account protection;
- increase of your Admin Panel security;
- additional 30-second-life security password;
- white lists to free reliable IPs from Magento 2 2FA;
- extra verification code for an individual admin role;
- smartphone compatible.
Cons:
- the need for sharing your mobile phone number;
- the possibility of remote circumvention of SMS-based authentication;
- it's never 100%.
- 100% Open Source — Easy To Customize
- Follows Magento Code Architecture
- Separated HTML/CSS/JS
- Simple installation via Composer
* The name "Magento" and the logo are the trademarks of Magento, Inc.
Version 1.1.5 - February 05, 2019
– Fix: the issue with saving Two-Factor Authentication data in the user (admin) account if the current user (admin) is whitelisted by IP was resolved
Version 1.1.4 - January 24, 2019
– Improvement: minor visual improvement for the extension settings in the admin panel
Version 1.1.3 - May 14, 2018
– Improvement: the Google API Key check was added
– Improvement: a small update to the information panes was implemented
Version 1.1.2 - March 29, 2018
– New: added the option to edit the discrepancy for generated verification codes
– Improved the current IP check for the whitelist functionality
– Minor code improvements
Version 1.1.1 - November 23, 2017
– Fixed issue with missing menu tab
Version 1.1.0 - August 28, 2017
– Compatibility with IPv6 introduced