Two-factor authentication is the new de-facto standard of account security. Raise the security level or your Magento store with a flexible 2FA extension from Aitoc.
OverviewBack to top
The extension adds a second login step to your normal login process. Instead of only using a username / password combination you will also receive a special code to your iPhone or Android device that will serve as a second layer of identification. This way even if someone has your username and password they won’t be able to log into your Magento Admin Panel.
The extension works as an integration. It uses the Google Authenticator app to add a second layer of protection to your Admin Panel. Google Authentication app syncs with your Magento account using a one-time verification or a QR code. After the verification is complete it will continuously generate 6-digit secret keys that you will need to use to log into your Magento Admin Panel. Codes are generated using a smart time-based counter that can work both with or without Internet access. The code will change every half a minute which guarantees its uniqueness and high protection from hacking attempts.
Please note that in order to use all features of this integration-based extension you will need to sign up for a new Google account or use an existing one and install Google Authentication app on your smartphone.
Additional Requirements & Pricing
Install the free Google Authenticator app on your iPhone or Android device. Use this link to read full download and installation instructions for your preferred platform.
You will need a Google or Apple account on your phone to install and use Google Authenticator app from Apple Store or Google Play Store, accordingly. In case you don’t have the account required to complete the integration, the smartphone will prompt you to create one and redirect to the required page. The process is free and pretty straightforward.
No additional APIs are required to complete the integration.
Please note: that any two-factor authentication app will work with the extension. We chose to feature Google Authenticator because it’s the de-facto best practice app for such solutions and the most reputable app on the market.
Google Authenticator can work both with and without Internet access. You can log into your Magento website even if you have no Internet connectivity on your smartphone. Google Authenticator uses current time as an increment to generate access codes. The app will stay in sync with the web store server as long as the time on both the server and the smartphone is the same.
Adding two-factor authentication will lead to a serious security upgrade but at the same time you need to understand that without Google Authenticator you will not be able to log into your Magento store anymore.
To prevent loss of access (in case you lose your smartphone, for example) we provide a second authentication method – by email. We recommend that you enable both methods simultaneously to prevent access loss.
If you lose all access to your Magento store, please contact us at firstname.lastname@example.org for detailed account recovery instructions.
Enjoy improved account security with the added protection options:
Secure your Admin Panel with a second authorization step
Use time-sensitive secret codes to discourage any unauthorized login attempts
Choose whether to receive access codes by email or from inside the app
Limit allowed login locations to your company office or your home with IP whitelisting feature
Turn two-level authentication off for users who don't need it
In addition to the two-factor authentication, Aitoc team added another layer of protection. We introduced IP whitelisting, a technique that will allow users to only log into their Magento store from a certain network. For example, you can restrict access to your web store to your office and your home. Access from other places such as coffee shops or a random smartphone will be impossible.
You Decide Where Users Can Log In
IP whitelisting is a powerful feature with a lot of applications. Besides the obvious ability to restrict login attempts from unknown locations, you can also restrict the ability of even legitimate users from accessing your store from unsafe places, where the risk of security breach is higher – like open Wifi spots, publicly shared networks, etc.
Manage Security in a Flexible Way
Use different security levels for different users. Turn TFA on and off for any user based on your preferences and their access level.
As an example, it might be overkill to use TFA for a content manager role. They don’t have admin rights and won’t compromise the website if their login details get leaked.
Ensure Business Continuity With a Strong Security Tool
Two-factor authentication is a must-have security feature for large ecommerce sites. The bigger the store the more important it is to lock down Admin Panel properly.
Combined with IP whitelisting Aitoc Two-Factor Authentication offers the highest level of security available for Magento.
Why Choose Aitoc Extensions
Free email support for life
Free updates for life
Free 30-minute development support credit
25 days money-back guarantee
Fully GDPR compliant products
Release NotesBack to top
- Compatible with CE: 2.1 2.2
- Stability: Stable Build
Ver. 1.0.1 - Released April 2, 2018
Magento 2.2.3 compatibility fix
Ver. 1.0.0 - Released March 10, 2018