Powered by Adobe Commerce 2.4.5-p1

This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.

Two Factor Authentication

This is an Integration with a Third Party Service. Other charges and fees may be required to use this extension on your Store


Back to top

Twilio has democratized communications channels like voice, text, chat, video, and email by virtualizing the world’s communications infrastructure through APIs that are simple enough for any developer to use, yet robust enough to power the world’s most demanding applications.

Two-Factor Authentication (2FA) for Magento 2, also known as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves, such as when creating a new account or logging into an existing customer's account. It is one of the most dependable processes for account security.


Business Value

Two-Factor Authentication has long been used to control system and data access. Online service providers are increasingly using two-factor authentication (2FA) to protect their users' credentials from being used by hackers who stole a password database or used online hacking to obtain user passwords.

In today's world, security is critical in the digital real world. In this case, two-factor authentication is used. It enables the admin to enter the verification code for the new customer when creating a new account. Existing customers will verify their identities by entering the OTP sent to their mobile number when logging in to their account.


Account & Pricing

  • A separate Twilio account is required for the admin to use this module.
  • The Twilio account must be created as this module requires the Auth ID and token and accounts SID of your Twilio account. 
  • You can sign up for free or login to your existing Twilio account.
  • There are additional charges to use Twilio services. SMS pricing is based on the destination and type of message you’re sending, as well as the carrier to which the SMS is being sent. 
  • Please click here to view detailed updated pricing according to your country.


Features List

  • Auth Code will be sent to the mobile number entered during registration. It will, however, be verified after the account is created.
  • Customers must verify their identities in order to gain access to their accounts.
  • The admin can enable and disable the TwoFactorAuth module through the admin configuration.
  • The admin can change the expiry time of the verification code.
  • At the time of registration, the admin can enable or disable TwoFactorAuth verification for customers.


How Does The Extension Work?

Setup Twilio API Credentials

The feature can be managed by the admin from the backend. Here, the admin can enable/disable the module on the frontend from the page. The admin has the ability to enable and disable authentication for the new user and customer by Yes/No.


Auth Code Validation

Also, the admin can set the authentication code expiry time to anything between 60 and 300 seconds. And the expiry time of an OTP is set to 60 seconds by default.


Verify New Customers

When a new customer creates an account a one-time password (OTP) will be sent to the customer's mobile number. The customer must now complete the two-step verification process. 

Customers will enter the one-time password (OTP) on the Magento online store sent to their registered mobile number. After the verification, the new customer's account is successfully verified.


Secure Existing Customers

TwoFactAuth is available to existing customers also. Every time an existing customer logs in. they receive the OTP. After entering the OTP, they will be able to use their account.



For Store Owner

  • The admin can set the expiry time of the OTP to anything between 60 and 300 seconds.
  • The admin has the ability to enable and disable the module for new account registration verification.
  • Admin stores are more secure from hackers who are trying to steal sensitive data.
  • For the admin, it lowers the risk of a data breach.


For Customers 

  • Existing customers can also log in to their accounts after entering the OTP.
  • Customers can receive multiple authentication codes for registration.
  • Customers' data will be secure with two-factor authentication.


Support Policy

  • You get free 3 months of technical support included.
  • You can buy a 6 or 12 months extended support agreement.
  • For issues, please create a ticket or send an email to support@webkul.com
  • Free lifetime updates of the module.

Technical Specifications

Back to top

Seller profile

Webkul Software Private Limited

Seller contact




Current Version


Adobe Commerce platform compatibility

Open Source (CE): 2.4 (current)

Commerce on prem (EE): 2.4 (current)

Commerce on Cloud (ECE): 2.4 (current)


Stable Build


11 March, 2022


Extensions, Payments & Security, Fraud

Supported Browsers

Chrome, Firefox, Opera, Safari, Edge, IE

Quality Report

Back to top

Installation & Varnish Tests


Coding Standard


Plagiarism Check


Malware Check


Marketing Review


Manual Testing


All tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.

Release Notes

Back to top


  • Compatible with Open Source (CE) : 2.4
  • Compatible with Commerce on prem (EE) : 2.4
  • Compatible with Commerce on Cloud (ECE) : 2.4
  • Stability: Stable Build
  • Description:

    + Compatible with Magento 2.4.x.
    + At the time of registration Auth Code will be sent to the mobile number entered.
    however, it will be verified after the account will be created.
    + Admin can enable/disable the TwoFactorAuth module from the admin configuration.
    + Admin can enable/disable TwoFactorAuth verification of the customers at the time of registration.
    + Until the Auth Code is verified customer cannot access any other page in his account.


Back to top

The best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.

Contact Vendor

Q & A

Back to top


Back to top