The JetRails 2FA plugin adds an extra layer of security to your Magento store. Role based 2FA enablement ensures that admin users are following best security practices.
OverviewBack to top
Your Magento storefront is vulnerable. Eliminate your security risk by downloading the JetRails Two-factor authentication module. Two-factor authentication, also known as 2FA, is a critical component for Magento security and is used widely by Magento backend admin users. Authentication is a security process to verify a user's identity. Authentication consists of three factors; something they know (ie. password), something they have (ie. phone), or something they are (ie. fingerprint).
With a stock Magento installation, a user is only given one method of authentication. This method of authentication is “Something they know,”usually consisting of their admin user's name and password. While having one method of authentication is typically secure, it has its limitations. By adding one additional layer of authentication, security is significantly strengthened. Having multiple methods of authentication is known as multi-factor authentication. It is often recommended that you choose at least two out of the three methods of authentication to ensure strong security.
This plugin works with “Something they know” and “Something they have”. A Magento admin user that has the JetRails 2FA plugin enabled will not only be authenticated with “Something they know” which would be their admin username and password, but they will also authenticate with “Something they have” such as their phone or tablet.
Once the JetRails 2FA plugin is installed for your Magento store and an admin successfully logs into their account, the JetRails 2FA plugin will prompt the user to set up their 2FA account. The typical user enrollment process takes up to five minutes including installation of the Google Authenticator application on their device. For more information on using the JetRails 2FA plugin, make sure to read the user guide which offers visual step-by-step instructions.
2FA is an industry best practice and is implemented using the Time-Based One-Time Password (TOTP) algorithm. In developing this plugin, RFC-6238 was used for reference and it can be found here. Since 2FA gives an extra layer of protection to Magento’s authentication process, it is vital to every Magento installation.
This plugin comes with the following features and benefits:
- A Master Administrator can require 2FA to be utilized by specific roles.
- Usage for 2FA can be enforced and required for log-in.
- Once you use the 2FA to login, there is an option to bypass authentication for 7 days.
- In case of lost or misplaced 2FA account, backup codes are available as an alternate method for authentication.
- In case of at attempted account breach, prevention protocols are in place via Brute Force Protection which will block the account for 10 minutes after 10 consecutive failed login attempts.
- An automatic instantaneous alert will be sent to the account owner and store admins informing them of an attempted breach. Any security warning will be logged with any relevant data such as the offenders IP address.
- The 2FA account can be setup for devices (something they have) using the Google Authenticator app, which is available for every platforms including iPhone and Android.
Release NotesBack to top
- Compatible with CE: 1.6 1.6.1 126.96.36.199 1.7 1.8 1.8.1 1.9 1.9.1 1.9.2 1.9.3
- Stability: Stable Build
- Role based TFA enablement
- Remember authentication for 7 days
- Backup codes as an alternate authentication method
- Send email to account owner and admins on account block
- Brute force protection (10 min. block between 10 failed attempts)