Attention: To promote the best practice of installing extensions via Composer, direct package download from the My Purchases page has been disabled. Please follow the "How to Install" instructions to install or download the extensions. Click Read More for detailed instructions on installing Adobe Commerce extensions.
This extension is in our Payment category. Please remember that it is the merchant’s responsibility to ensure the proper PCI compliance level of their store, as applicable by PCI regulations. The PCI Self-Assessment is one tool you can use when evaluating Payment extensions and how they may affect your PCI compliance level. For more information on Marketplace policies, please review the Marketplace Terms & Conditions.
PRODUCT:
0
TOTAL:
Overview
Back to topProtect your Magento backend against unauthorized logins and fraudsters today! Because passwords just aren't enough! Fearing someone could log into your Magento store to download all your orders, customers and other sensitive data? Fearing hackers and the consequences after getting hacked? Fear no more!
Using the Two-Factor Authentication extension by XTENTO, additional security information will be required when logging into the Magento backend. Besides the username and the password, a so called security code (see screenshot below) will be required to log in. The security code gets generated by your smartphone (the secondfactor). Each security code can be used once only and is valid for 30 seconds only. Just turn on your smartphone - open the Authenticator application - and you'll immediately see the security code required to log in, valid for the next 30 seconds only. It's really easy, but the increase in security is immense.
As long as you've got your phone, this will ensure only YOU are able to login, and nobody else. No other person is able to generate the security code as it's generated using a unique secret key only known to your phone. You can't log in if you don't have the security code. You can't log in if you don't have the password. You always need the password and the security code to log in. This makes it almost impossible for hackers to log into your Magento backend.
Setting up Two-Factor Authentication for an adminstrator in Magento is easy: Just go to the Users section in the Magento backend, click Create secret key and scan the barcode using the Authenticator application. That's it! Your account is now protected against unauthorized logins.
Get the Two-Factor Authentication extension now to protect against today's threats without the hassle and cost of yesterday's technology.
Features
- Protect your Magento backend against unauthorized logins
- Two-Factor Authentication stops unauthorized users from logging into your backend, by requiring a second factor (your phone) to which only you have access to
- Easy to use & great security improvement to lock down your Magento admin panel
- Compatible with recent iPhone, iPad, iPod touch, Android and BlackBerry smartphones.
- Compatible with Google Authenticator, Authy, Duo Mobile, Lastpass Authenticator and Yubico Authenticator.
- Disable Two-Factor Authentication for known IP addresses
More Information
This extension is compatible with every iPhone, iPad, iPod touch, Android and BlackBerry smartphone that supports Google Authenticator. The extension uses the free open-source Google Authenticator application to generate the security code required to log in.
Before your purchase, please make sure your device is able to run the Authenticator application.
- Android: Open the Android Market and search for Google Authenticator
- iPhone/iPad/iTouch: Visit the App Store and search for Google Authenticator
- BlackBerry: Visit http://m.google.com/authenticator on your BlackBerry
Additional Information
The secret key will only be saved on your smartphone. Neither XTENTO nor Google will be able to recover it. The magic all happens on your device.
If you ever lose your smartphone, be sure to create a new key in the Two-Factor Authentication section under 'Users' in Magento so no one is able to log in using your smartphone.
This extension does not guarantee a 100% protection against hackers. If someone hacks your FTP server, they will be able to disable the security code login, but if that ever happens, they'd be able to download your database anyways without Magento backend access.
Questions?
If you have any questions regarding this extension, please do not hesitate to contact us at info@xtento.com. We'll be happy to help!
Technical Specifications
Back to topSeller profile
Seller contact
Current Version
2.3.3
Adobe Commerce platform compatibility
Open Source (CE): 2.4 (current), 2.0 (obsolete), 2.1 (obsolete), 2.2 (obsolete), 2.3 (obsolete)
Commerce on prem (EE): 2.4 (current), 2.0 (obsolete), 2.1 (obsolete), 2.2 (obsolete), 2.3 (obsolete)
Commerce on Cloud (ECE): 2.4 (current), 2.2 (obsolete), 2.3 (obsolete)
Type
Stable Build
Updated
24 August, 2022
Categories
Extensions, Payments & Security
Quality Report
Back to topAll tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.
Release Notes
Back to top2.3.3:
- Compatible with Open Source (CE) : 2.2 2.3 2.4
- Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
- Stability: Stable Build
-
Description:
===== 2.3.0 =====
* Established compatibility with Magento 2.3.7-p3 / 2.4.3-p2 / 2.4.4
* Established compatibility with PHP 8.1
* Updated Xtento_XtCore to version 2.13.0 ("PHP 8.1 compatibility")
===== 2.3.1 =====
* Updated Xtento_XtCore to version 2.14.0 ("Further PHP 8.1 fixes")
===== 2.3.2 =====
* Converted database install scripts to db_schema.xml - please check this upgrade carefully and take a DB backup before upgrading
* Updated Xtento_XtCore to version 2.16.0
* Dropped support for Magento 2.2.x. Earliest supported version is 2.3.x now.
===== 2.3.3 =====
* Established compatibility with Magento 2.4.5, 2.4.4-p1, 2.4.3-p3, 2.3.7-p4
* Updated Xtento_XtCore to version 2.17.0 ("Fixed error "Area code not set" during installation/upgrade")
2.2.9:
- Compatible with Open Source (CE) : 2.2 2.3 2.4
- Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
- Stability: Stable Build
-
Description:
===== 2.2.9 =====
* Confirmed compatibility with Magento 2.3.7-p1 / 2.4.2-p2 / 2.4.3
2.2.8:
- Compatible with Open Source (CE) : 2.2 2.3 2.4
- Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
- Stability: Stable Build
-
Description:
===== 2.2.8 =====
* Updated Xtento_XtCore to version 2.12.0 ("Removed phpinfo from debug information section due to possibly sensitive information being disclosed")
2.2.7:
- Compatible with Open Source (CE) : 2.2 2.3 2.4
- Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
- Stability: Stable Build
-
Description:
===== 2.2.7 =====
* Fixed an issue where extension related images/JS cannot be loaded in the Magento backend
* Updated Xtento_XtCore to version 2.11.0 ("Added Content Security Policy (CSP) support. XTENTO resources are whitelisted.")
2.2.6:
- Compatible with Open Source (CE) : 2.2 2.3 2.4
- Compatible with Commerce on prem (EE) : 2.2 2.3 2.4
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3 2.4
- Stability: Stable Build
-
Description:
===== 2.2.5 =====
* Fixed an issue when trying to delete an admin user ("Please enter your security code")
===== 2.2.6 =====
* Established compatibility with Magento 2.4.0 and 2.3.5-p2
* Established compatibility with PHP 7.4, dropped support for PHP 5.x
* Updated Xtento_XtCore to version 2.10.0
2.2.4:
- Compatible with Open Source (CE) : 2.1 2.2 2.3
- Compatible with Commerce on prem (EE) : 2.1 2.2 2.3
- Compatible with Commerce on Cloud (ECE) : 2.2 2.3
- Stability: Stable Build
-
Description:
===== 2.2.4 =====
* Updated Xtento_XtCore to version 2.9.0
2.1.9:
- Compatible with Open Source (CE) : 2.1 2.2 2.3
- Compatible with Commerce on prem (EE) : 2.1 2.2 2.3
- Stability: Stable Build
-
Description:
===== 2.1.9 =====
+ Established compatibility with Magento 2.3
2.1.8:
- Compatible with Open Source (CE) : 2.0 2.1 2.2
- Compatible with Commerce on prem (EE) : 2.0 2.1 2.2
- Stability: Stable Build
-
Description:
===== 2.1.8 =====
* Updated Xtento_XtCore to version 2.3.0
* Confirmed compatibility with Magento CE 2.2.5 / EE 2.2.5
2.1.7:
- Compatible with Open Source (CE) : 2.0 2.1 2.2
- Compatible with Commerce on prem (EE) : 2.0 2.1 2.2
- Stability: Stable Build
-
Description:
===== 2.1.6 =====
* Fixed issue: Uncaught Error: Call to undefined method Magento\Email\Model\Transport\Interceptor::send()
===== 2.1.7 =====
* Updated Xtento_XtCore to version 2.2.0
2.1.5:
- Compatible with Open Source (CE) : 2.0 2.1 2.2
- Compatible with Commerce on prem (EE) : 2.0 2.1 2.2
- Stability: Stable Build
-
Description:
===== 2.1.5 =====
* Updated Xtento_XtCore to version 2.1
2.1.3:
- Compatible with Open Source (CE) : 2.0 2.1 2.2
- Compatible with Commerce on prem (EE) : 2.0 2.1 2.2
- Stability: Stable Build
-
Description:
===== 2.1.3 =====
+ Compatibility with Magento 2.2 established
2.1.2:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
===== 2.0.7 ======
* Fixed bug after saving user role
===== 2.0.8 ======
* Added ability to change password at "My Account" without TFA prompt
===== 2.0.9 =====
* Fixed composer.json / PHP version requirement now according to Magento 2 requirements
===== 2.1.0 =====
* Fixed IP whitelisting for NginX SSL offloading into Varnish into NginX as PHP-FPM loadbalancer. The resulting IP was , 127.0.0.1
===== 2.1.1 =====
* Updated Xtento_XtCore to version 2.0.7 ("Added warning in module configuration at System > Configuration if module output is disabled via "Disable Module Output" at System > Configuration > Advanced > Advanced")
===== 2.1.2 =====
* Updated Xtento_XtCore to version 2.0.8
2.1.0:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
===== 2.0.7 ======
* Fixed bug after saving user role
===== 2.0.8 ======
* Added ability to change password at "My Account" without TFA prompt
===== 2.0.9 =====
* Fixed composer.json / PHP version requirement now according to Magento 2 requirements
===== 2.1.0 =====
* Fixed IP whitelisting for NginX SSL offloading into Varnish into NginX as PHP-FPM loadbalancer. The resulting IP was , 127.0.0.1
2.0.9:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
===== 2.0.7 ======
* Fixed bug after saving user role
===== 2.0.8 ======
* Added ability to change password at "My Account" without TFA prompt
===== 2.0.9 =====
* Fixed composer.json / PHP version requirement now according to Magento 2 requirements
2.0.8:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
===== 2.0.7 ======
* Fixed bug after saving user role
===== 2.0.8 ======
* Added ability to change password at "My Account" without TFA prompt
2.0.7:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
===== 2.0.7 ======
* Fixed bug after saving user role
2.0.6:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
===== 2.0.6 =====
* Fixed error message "Please enter your security code" that was shown after editing an admin user
2.0.5:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
===== 2.0.5 =====
* Updated composer.json to require XTENTO "XtCore" base module
2.0.4:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
===== 2.0.4 =====
* Bugfix release
2.0.3:
- Compatible with Open Source (CE) : 2.0 2.1
- Compatible with Commerce on prem (EE) : 2.0 2.1
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
===== 2.0.3 =====
* Fixed bug that could lead to TFA can't be disabled anymore for an user after enabling it
* Compatibility with Magento 2.1.0 established
2.0.2:
- Compatible with Open Source (CE) : 2.0
- Compatible with Commerce on prem (EE) : 2.0
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
===== 2.0.2 =====
* Updated Xtento_XtCore to 2.0.3
2.0.1:
- Compatible with Open Source (CE) : 2.0
- Compatible with Commerce on prem (EE) : 2.0
- Stability: Stable Build
-
Description:
Xtento_TwoFactorAuth
-------------
CHANGELOG
-------------
===== 2.0.0 =====
* Initial stable M2 release
===== 2.0.1 =====
* Compatibility with Magento 2.0.2
* Several code optimizations, code cleanup
* Updated Xtento_XtCore
Support
Back to topThe best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.
Contact Vendor