Skip to content
No description, website, or topics provided.
PHP JavaScript HTML CSS
Branch: 2.3-develop
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Api
Block Display Google authentication code next to the QR code Sep 12, 2018
Command
Controller/Adminhtml
Model Database configuration encryption for 2FA Apr 17, 2019
Observer FIX redirect issue + ACL typo Feb 25, 2018
Plugin Fix issue #2 and FIX error while adding new admin user Feb 19, 2018
Setup Database configuration encryption for 2FA Apr 17, 2019
Test/Integration Database configuration encryption for 2FA Apr 17, 2019
Ui/Component/Form/User Fix issue #2 and FIX error while adding new admin user Feb 19, 2018
etc
screenshots Initial commit Dec 8, 2017
view/adminhtml MC-15426: UI component configuration update Apr 18, 2019
.gitignore
ISSUE_TEMPLATE.md Initial commit Dec 8, 2017
README.md Initial commit Dec 8, 2017
composer.json Release 3.1.2 (Magento 2.3.3 release preparation). Jul 29, 2019
registration.php Initial commit Dec 8, 2017

README.md

MSP TwoFactorAuth

Two Factor Authentication module for maximum backend access protection in Magento 2.

Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Did you lock yourself out from Magento backend? click here.

Main features:

  • Providers:
    • Google authenticator
      • QR code enroll
    • Authy
      • SMS
      • Call
      • Token
      • One touch
    • U2F keys (Yubico and others)
    • Duo Security
      • SMS
      • Push notification
  • Trusted devices
    • High security rolling codes
  • Trusted devices revoke list
  • Central security suite events logging
  • Per user configuration
  • Forced global 2FA configuration

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/twofactorauth

2. Enable and configure from your Magento backend config

Enable from Store > Config > SecuritySuite > Two Factor Authentication.

3. Enable two factor authentication for your user

You can select among a set of different 2FA providers. Multiple concurrent providers are supported.

4. Subscribe / Configure your 2FA provider(s):

4.1 Google Authenticator example

4.2. Duo Security example

4.3. U2F key (Yubico and others) example

4.4. Authy example

Emergency commandline disable:

If you messed up with two factor authentication you can disable it from command-line:

php bin/magento msp:security:tfa:disable

This will disable two factor auth globally.

Emergency commandline reset:

If you need to manually reset one single user configuration (so you can restart configuration / subscription), type:

php bin/magento msp:security:tfa:reset <username> <provider>

e.g.:

php bin/magento msp:security:tfa:reset admin google

php bin/magento msp:security:tfa:reset admin u2fkey

php bin/magento msp:security:tfa:reset admin authy

Emergency of emergency and your house is on fire, your dog is lost and your wife doesn't love you anymore:

DO NOT ATTEMPT TO MODIFY ANY DB INFORMATION UNLESS YOU UNDERSTAND WHAT YOU ARE DOING

Table core_config_data:

  • msp/twofactorauth/enabled: Set to zero to disable 2fa globally
  • msp/twofactorauth/force_providers: Delete this entry to remove forced providers option

Table msp_tfa_user_config:

  • Delete one user row to reset user's 2FA preference and configuration
You can’t perform that action at this time.