Powered by Adobe Commerce 2.4.6

This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.

Two Factor Authentication

by Aitoc


Back to top

This Two Factor Authentication extension adds a second login step to your normal login process. Instead of only using a username/password combination you will also receive a special code to your iPhone or Android device that will serve as a second layer of identification. This way even if someone has your username and password they won’t be able to log into your Magento Admin Panel.

The extension works as an integration using the Google Authenticator app to add a second layer of protection to your Admin Panel. Google Authentication app syncs with your Magento account using a one-time verification or a QR code. After the verification is complete it will continuously generate 6-digit secret keys that you will need to use to log into your Magento Admin Panel. Codes are generated using a smart time-based counter that can work both with or without Internet access. The code will change every half a minute which guarantees its uniqueness and high protection from hacking attempts.

Please note that in order to use all features of this integration-based extension you will need to sign up for a new Google account or use an existing one and install Google Authentication app on your smartphone. 

Google Authenticator can work both with and without Internet access. You can log into your Magento website even if you have no Internet connectivity on your smartphone. Google Authenticator uses the current time as an increment to generate access codes. The app will stay in sync with the web store server as long as the time on both the server and the smartphone is the same. Adding two-factor authentication will lead to a serious security upgrade but at the same time, you need to understand that without Google Authenticator you will not be able to log into your Magento store anymore. 

To prevent loss of access (in case you lose your smartphone, for example) we provide a second authentication method – by email. We recommend that you enable both methods simultaneously to prevent access loss. If you lose all access to your Magento store, please contact us at magsupport@aitoc.com for detailed account recovery instructions.


Additional Requirements 

  1. Install the free Google Authenticator app on your iPhone or Android device. Use this link to read full download and installation instructions for your preferred platform.
  2. You will need a Google or Apple account on your phone to install and use the Google Authenticator app from Apple Store or Google Play Store, accordingly.
  3. In case you don’t have the account required to complete the integration, you will be prompted to create one and redirect to the required page.
  4. The process is free and straightforward.
  5. No additional APIs are required to complete the integration.

Please note: Any two-factor authentication app will work with the extension. We chose to feature Google Authenticator because it’s the de-facto best practice app for such solutions and the most reputable app on the market.



Enjoy Improved Account Security 

  • Secure your Admin Panel with a second authorization step
  • Use time-sensitive secret codes to discourage any unauthorized login attempts
  • Choose whether to receive access codes by email or from inside the app
  • Limit allowed login locations to your company office or your home with IP whitelisting feature
  • Turn two-level authentication off for users who don't need it


API Whitelisting

In addition to the two-factor authentication, the Aitoc team added another layer of protection. We introduced IP whitelisting, a technique that will allow users to only log into their Magento store from a certain network. For example, you can restrict access to your web store to your office and your home. Access from other places such as coffee shops or a random smartphone will be impossible.


You Decide Where Users Can Log In

IP whitelisting is a powerful feature with a lot of applications. Besides the obvious ability to restrict login attempts from unknown locations, you can also restrict the ability of even legitimate users from accessing your store from unsafe places, where the risk of security breach is higher – like open Wifi spots, publicly shared networks, etc.


Manage Security In A Flexible Way

Use different security levels for different users. Turn TFA on and off for any user based on your preferences and their access level. As an example, it might be overkill to use TFA for a content manager role. They don’t have admin rights and won’t compromise the website if their login details get leaked.


Ensure Continuity With Strong Security

Two-factor authentication is a must-have security feature for large eCommerce sites. The bigger the store the more important it is to lock down Admin Panel properly. Combined with IP whitelisting Aitoc Two-Factor Authentication offers the highest level of security available for Magento.


Why Choose Aitoc Extensions?

  • Free email support for life
  • Free updates for life
  • Free 30-minute development support credit
  • 25-day Marketplace Return Policy
  • Fully GDPR compliant products

Technical Specifications

Back to top

Seller profile


Seller contact


Current Version


Adobe Commerce platform compatibility

Open Source (CE): 2.4 (current), 2.1 (obsolete), 2.2 (obsolete), 2.3 (obsolete)

Commerce on prem (EE): 2.4 (current)

Commerce on Cloud (ECE): 2.4 (current)


Stable Build


14 February, 2023


Extensions, Payments & Security, Fraud

Supported Browsers

Chrome, Firefox, Opera, Safari, Edge, IE

Quality Report

Back to top

Installation & Varnish Tests


Coding Standard


Plagiarism Check


Malware Check


Marketing Review


Manual Testing


All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.3 2.4
  • Compatible with Commerce on prem (EE) : 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.4
  • Stability: Stable Build
  • Description:

    - Added Magento 2.4.4 compatibility
    - Added PHP 8.1 compatibility


  • Compatible with Open Source (CE) : 2.2 2.3
  • Stability: Stable Build
  • Description:

    Magento 2.3 compatibility


  • Compatible with Open Source (CE) : 2.1 2.2
  • Stability: Stable Build
  • Description:

    Ver. 1.0.1 - Released April 2, 2018
    Magento 2.2.3 compatibility fix

    Ver. 1.0.0 - Released March 10, 2018
    Initial Release


Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top


Back to top