Implementation of an two-factor-authentication using Google's 2-Step Verification algorithm.
Admin (backend) users whose role's resources are in the list of protected resources, are asked to enter one-time security code generated by the Google Authenticator app on their mobile phone after they have authenticated themselves in the admin by using standard login dialog. This ensures that critical resources in the admin have extra protection layer that cannot be accessed by third parties without one-time security code. It includes cases when someone's laptop is stolen or accessed by third parties.
NOTE: Default login will be also required to login! 2FA is only an additional login to increase the security.
How to use it
- Install Google Authenticator app to your smartphone
- Install this extension via Composer or modman
- Log in to Magento admin
- You will be requested to scan the QR code with the Google Authenticator app and define security questions
- Continue Log in
Installation using Composer
"magento-hackathon/magento-two-factor-authentication": "*" to the
require section of your
composer.json file or
add it by calling the Composer shell command:
composer require magento-hackathon/magento-two-factor-authentication:*
This project was initiated at the Magento Worldwide Online Hackathon, Januar 2014 and started as a proof-of-concept. The project was continued during the Pre-Imagine MageHackathon on May 11, 2014 and received further updates and maintenance from community members after this time.
MIT License (MIT)