Skip to content

C
coconva2118
Switch branch/tag
History Find file
Name
Last commit
 Last update
..
Api Loading commit data...
Block Loading commit data...
Command Loading commit data...
Controller/Adminhtml Loading commit data...
Model Loading commit data...
Observer Loading commit data...
Plugin Loading commit data...
Setup Loading commit data...
Ui/Component/Form/User Loading commit data...
etc Loading commit data...
screenshots Loading commit data...
view/adminhtml Loading commit data...
.gitignore Loading commit data...
ISSUE_TEMPLATE.md Loading commit data...
README.md Loading commit data...
composer.json Loading commit data...
registration.php Loading commit data...
README.md

MSP TwoFactorAuth

Two Factor Authentication module for maximum backend access protection in Magento 2.

Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Did you lock yourself out from Magento backend? click here.

Main features:

  • Providers:
    • Google authenticator
      • QR code enroll
    • Authy
      • SMS
      • Call
      • Token
      • One touch
    • U2F keys (Yubico and others)
    • Duo Security
      • SMS
      • Push notification
  • Trusted devices
    • High security rolling codes
  • Trusted devices revoke list
  • Central security suite events logging
  • Per user configuration
  • Forced global 2FA configuration

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/twofactorauth

2. Enable and configure from your Magento backend config

Enable from Store > Config > SecuritySuite > Two Factor Authentication.

3. Enable two factor authentication for your user

You can select among a set of different 2FA providers. Multiple concurrent providers are supported.

4. Subscribe / Configure your 2FA provider(s):

4.1 Google Authenticator example

4.2. Duo Security example

4.3. U2F key (Yubico and others) example

4.4. Authy example

Emergency commandline disable:

If you messed up with two factor authentication you can disable it from command-line:

php bin/magento msp:security:tfa:disable

This will disable two factor auth globally.

Emergency commandline reset:

If you need to manually reset one single user configuration (so you can restart configuration / subscription), type:

php bin/magento msp:security:tfa:reset <username> <provider>

e.g.:

php bin/magento msp:security:tfa:reset admin google

php bin/magento msp:security:tfa:reset admin u2fkey

php bin/magento msp:security:tfa:reset admin authy

Emergency of emergency and your house is on fire, your dog is lost and your wife doesn't love you anymore:

DO NOT ATTEMPT TO MODIFY ANY DB INFORMATION UNLESS YOU UNDERSTAND WHAT YOU ARE DOING

Table core_config_data:

  • msp/twofactorauth/enabled: Set to zero to disable 2fa globally
  • msp/twofactorauth/force_providers: Delete this entry to remove forced providers option

Table msp_tfa_user_config:

  • Delete one user row to reset user's 2FA preference and configuration