Two-Factor Authentication

Two-Factor Authentication

Technology Partner General
Compatible With: Community 1.3, 1.4,, 1.4.2, 1.5, 1.6, 1.6.1,, 1.7, 1.8, 1.8.1, 1.9, 1.9.1, 1.9.2, 1.9.3 Enterprise 1.10, 1.11, 1.11.1, 1.12, 1.13, 1.13.1, 1.14, 1.14.1, 1.14.2, 1.14.3,,,,,,,

Tech Specifications

Current Version:
Stable Build
30 August, 2017
Extensions, Payments & Security
License Type:


Protect your Magento backend against unauthorized logins and fraudsters today!

Other Extensions by XTENTO


Back to top

Protect your Magento 1* backend against unauthorized logins and fraudsters today! Because passwords just aren't enough! Fearing someone could log into your Magento store to download all your orders, customers and other sensitive data? Fearing hackers and the consequences after getting hacked? Fear no more!

Using the Two-Factor Authentication extension by XTENTO, additional security information will be required when logging into the Magento backend. Besides the username and the password, a so called security code (see screenshot below) will be required to log in. The security code gets generated by your smartphone (the secondfactor). Each security code can be used once only and is valid for 30 seconds only.Just turn on your smartphone - open the Authenticator application - and you'll immediately see the security code required to log in, valid for the next 30 seconds only. It's really easy, but the increase in security is immense.

As long as you've got your phone, this will ensure only YOU are able to login, and nobody else. No other person is able to generate the security code as it's generated using a unique secret key only known to your phone. You can't log in if you don't have the security code. You can't log in if you don't have the password. You always need the password and the security code to log in. This makes it almost impossible for hackers to log into your Magento backend.

Setting up Two-Factor Authentication for an adminstrator in Magento is easy: Just go to the Users section in the Magento backend, click Create secret key and scan the barcode using the Authenticator application. That's it! Your account is now protected against unauthorized logins.

Get the Two-Factor Authentication extension now to protect against today's threats without the hassle and cost of yesterday's technology.

More Information

This extension is compatible with every iPhone, iPad, iPod touch, Android and BlackBerry smartphone that supports Google Authenticator. The extension uses the free open-source Google Authenticator application to generate the security code required to log in.

Before your purchase, please make sure your device is able to run the Authenticator application.

  • Android: Open the Android Market and search for Google Authenticator
  • iPhone/iPad/iTouch: Visit the App Store and search for Google Authenticator
  • BlackBerry: Visit on your BlackBerry

Additional Information

The secret key will only be saved on your smartphone. Neither XTENTO nor Google will be able to recover it. The magic all happens on your device.

If you ever lose your smartphone, be sure to create a new key in the Two-Factor Authentication section under 'Users' in Magento so no one is able to log in using your smartphone.

This extension does not guarantee a 100% protection against hackers. If someone hacks your FTP server, they will be able to disable the security code login, but if that ever happens, they'd be able to download your database anyways without Magento backend access.


If you have any questions regarding this extension, please do not hesitate to contact us at We'll be happy to help!

Release Notes

Back to top


  • Compatible with CE: 1.3 1.4 1.4.2 1.5 1.6 1.6.1 1.7 1.8 1.8.1 1.9 1.9.1 1.9.2 1.9.3
  • Compatible with EE: 1.10 1.11 1.11.1 1.12 1.13 1.13.1 1.14 1.14.1 1.14.2 1.14.3
  • Stability: Stable Build
  • Description:

    ===== 1.1.1 =====
    * Updated Xtento_XtCore to 1.1.8 ("Added warning in module configuration at System > Configuration if module output is disabled via "Disable Module Output" at System > Configuration > Advanced > Advanced")


  • Compatible with CE: 1.5 1.6 1.6.1 1.7 1.8 1.8.1 1.9 1.9.1 1.9.2 1.9.3
  • Compatible with EE: 1.10 1.11 1.11.1 1.12 1.13 1.13.1 1.14 1.14.1 1.14.2 1.14.3
  • Stability: Stable Build
  • Description:



    ===== 1.0.0 =====
    * Initial stable release


    ===== 1.0.4 =====
    * Fixed an issue where the "TFA not required for certain IP" feature didn't work if the server is behind a reverse/caching proxy.

    ===== 1.0.5 =====
    ! Added compatibility for Magento CE / EE

    ===== 1.0.6 =====
    * Fixed adminhtml controller that didn't work in some environments and led to "code is wrong" always when attempting to enable TFA.

    ===== 1.0.7 =====
    * Fixed a bug caused by Magento patch SUPEE-6285 that lead to "Access Denied" screens for admins that don't have full access.

    ===== 1.0.8 =====
    + Added ability to send the admin an email containing the QR code after setting up TFA for a new admin

    ===== 1.0.9 =====
    ! Added compatibility for Magento CE / EE


Back to top
The best place to start if you need help with a specific extension is to contact the developer. All Magento developers have both a contact email and a support email listed.

Q & A

Back to top


Back to top