OverviewBack to top
This Two Factor Authentication extension adds a second login step to your normal login process. Instead of only using a username/password combination you will also receive a special code to your iPhone or Android device that will serve as a second layer of identification. This way even if someone has your username and password they won’t be able to log into your Magento Admin Panel.
The extension works as an integration using the Google Authenticator app to add a second layer of protection to your Admin Panel. Google Authentication app syncs with your Magento account using a one-time verification or a QR code. After the verification is complete it will continuously generate 6-digit secret keys that you will need to use to log into your Magento Admin Panel. Codes are generated using a smart time-based counter that can work both with or without Internet access. The code will change every half a minute which guarantees its uniqueness and high protection from hacking attempts.
Please note that in order to use all features of this integration-based extension you will need to sign up for a new Google account or use an existing one and install Google Authentication app on your smartphone.
Google Authenticator can work both with and without Internet access. You can log into your Magento website even if you have no Internet connectivity on your smartphone. Google Authenticator uses the current time as an increment to generate access codes. The app will stay in sync with the web store server as long as the time on both the server and the smartphone is the same. Adding two-factor authentication will lead to a serious security upgrade but at the same time, you need to understand that without Google Authenticator you will not be able to log into your Magento store anymore.
To prevent loss of access (in case you lose your smartphone, for example) we provide a second authentication method – by email. We recommend that you enable both methods simultaneously to prevent access loss. If you lose all access to your Magento store, please contact us at firstname.lastname@example.org for detailed account recovery instructions.
- Install the free Google Authenticator app on your iPhone or Android device. Use this link to read full download and installation instructions for your preferred platform.
- You will need a Google or Apple account on your phone to install and use the Google Authenticator app from Apple Store or Google Play Store, accordingly.
- In case you don’t have the account required to complete the integration, you will be prompted to create one and redirect to the required page.
- The process is free and straightforward.
- No additional APIs are required to complete the integration.
Please note: Any two-factor authentication app will work with the extension. We chose to feature Google Authenticator because it’s the de-facto best practice app for such solutions and the most reputable app on the market.
Enjoy Improved Account Security
- Secure your Admin Panel with a second authorization step
- Use time-sensitive secret codes to discourage any unauthorized login attempts
- Choose whether to receive access codes by email or from inside the app
- Limit allowed login locations to your company office or your home with IP whitelisting feature
- Turn two-level authentication off for users who don't need it
In addition to the two-factor authentication, the Aitoc team added another layer of protection. We introduced IP whitelisting, a technique that will allow users to only log into their Magento store from a certain network. For example, you can restrict access to your web store to your office and your home. Access from other places such as coffee shops or a random smartphone will be impossible.
You Decide Where Users Can Log In
IP whitelisting is a powerful feature with a lot of applications. Besides the obvious ability to restrict login attempts from unknown locations, you can also restrict the ability of even legitimate users from accessing your store from unsafe places, where the risk of security breach is higher – like open Wifi spots, publicly shared networks, etc.
Manage Security In A Flexible Way
Use different security levels for different users. Turn TFA on and off for any user based on your preferences and their access level. As an example, it might be overkill to use TFA for a content manager role. They don’t have admin rights and won’t compromise the website if their login details get leaked.
Ensure Continuity With Strong Security
Two-factor authentication is a must-have security feature for large eCommerce sites. The bigger the store the more important it is to lock down Admin Panel properly. Combined with IP whitelisting Aitoc Two-Factor Authentication offers the highest level of security available for Magento.
Why Choose Aitoc Extensions?
- Free email support for life
- Free updates for life
- Free 30-minute development support credit
- 25-day Marketplace Return Policy
- Fully GDPR compliant products
Technical SpecificationsBack to top
Magento platform compatibility
Open Source (CE): 2.3 (current), 2.1 (obsolete), 2.2 (obsolete)
20 December, 2019
Extensions, Payments & Security, Fraud
Chrome, Firefox, Opera, Safari, Edge, IE
Quality ReportBack to top
All tests were conducted on the latest versions of Magento that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.
Release NotesBack to top
- Compatible with Open Source (CE) : 2.2 2.3
- Stability: Stable Build
Magento 2.3 compatibility
- Compatible with Open Source (CE) : 2.1 2.2
- Stability: Stable Build
Ver. 1.0.1 - Released April 2, 2018
Magento 2.2.3 compatibility fix
Ver. 1.0.0 - Released March 10, 2018
SupportBack to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.Contact Vendor