Joomla community powered logo

Site Slogan

Two Factor Authentication

2FA (or in full: Two Factor Authentication) is becoming more and more the default setting you need to provide if you want to be sure (well, let's say more than without this feature) your site is somewhat hackproof. In the articles which are categorized in 2FA, we will first explain how to install the supporting software on a couple of devices, which will also be helpful when you want to use 2Fa on other platforms too (Dropbox, Google, ...). The other part of the articles will then focus on the Joomla specific installations and configurations to be done.

Two Factor Authentication in Joomla

In this toturial, we will show you how to enable 2 Factor Authentication in Joomla. Linked with this website hardening, we will explain how to install the necessary code generating applications for 2 Factor Authentication in Joomla on an Andriod device as wel as on a Windows computer. Once you know how the 2 Factor Authentication works, you will also be able to use it wherever you want on your Joomla sites as well as on other sites where they provide this kind of authentication (Google, Dropbox, Hootsuite, ...).

The tutorial is composed as a series of separate articles which can be accessed directly. However, if you want to follow a kind of logical order in the information available on this site, you can just follow the tutorial contents just beneath and walk through the articles in the order we propose.

Tutorial Contents

  1. What is Two Factor Authentication
  2. Why Two Factor Authentication
  3. Google Authenticator code generator setup
  4. Google Authenticator code generator configuration
  5. 2FA in Joomla - Step 1: enable the plugin
  6. 2FA in Joomla - Step 2A: configure 2FA per user - Back End
  7. 2FA in Joomla - Step 2B: configure 2FA per user - Front End
  8. 2FA in Joomla - Step 3: new login screen
  9. 2FA in Joomla - issues & solutions

Additional Information

Technical info

Glossary

  • 2FA - 2 Factor Authentication

External Links

  • The slidedeck from the presentation I've done in November 2014 for Joomla User Group Vlaanderen is uploaded to SlideShare.

2FA   Clef   Administrator Login Screen tmbOne of the non-core Two Factor Authentication possibilities in Joomla is implemented using the Clef 2FA. In this article, we will explain what extension to use, how to install and what extra steps you have to take to make it visible and usable all over your Joomla site.

In Joomla, we have a couple of 2FA implementations we can choose from. Some of them are part of the Joomla core, others are written as extensions.

2FA - First Aid Kit - 2FA error logging in to Joomla tmbnlTwo Factor Authentication or 2FA is a very good extra security layer for your site, but what if things go wrong and you cannot enter your site anymore as an administrator?

 

 

 

In all installations where software is involved, things can go wrong or don't work as expected. 2FA is no exception to this rule but we provide a solution for all of the cases where we have found out how to solve it.

After you have activated at least one of the 2Fa plugins, your login screen has changed.

Before being able to use 2FA, every user will have to set it up for him or her self. Depending on the access one has to the site, (s)he can configure the 2Fa feature using the back end or the front end. This article explains how to enable it using the back end of the site, both for Yubikey and Google Authenticator.

Before being able to use 2FA, every user will have to set it up for him or her self. Depending on the access one has to the site, (s)he can configure the 2Fa feature using the back end or the front end. This article explains how to enable it using the back end of the site, both for Yubikey and Google Authenticator.

How do you make it possible for your website users to start using the 2FA possibilities? Simple: just enable the plugins so the users can start configuring their logins. But what plugins have to be enabled and how do you do that?

If you want to use your Google Authenticator code generator, you have to configure it with the data provided by the application or site you want to approach using the Two Factor Authentication. In this article, we will describe the setup for both Windows and Android devices using the code generators as described in our article about this topic. As this site is focused on Joomla, we will describe the setup of the applications linked to the Joomla 2FA.

To use Two Factor Authentication using Google Authenticator, you will have to install a code generator to generate your secret key. In this article, we elaborated 2 key generators (each on their own platform) which can be used for Joomla Two Factor Authentication - Google Authenticator.

There are couple of different solutions to protect your website from being hacked, and a lot of free and commercial extensions are available. However, before we dive into the details of all these possibilities, we need to know the very basics of a system to be secured with two factors (the so called Two Factor Authentication).

There is a lot already said and written about Two Factor Authentication, but why do we need it?

NOTE! This site uses cookies.

If you do not change browser settings, you agree to it. Learn more

I understand

Cookies

To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.

What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.

How do we use cookies?

A number of our pages use cookies to remember:

Also, some videos embedded in our pages use a cookie to anonymously gather statistics on how you got there and what videos you visited.

Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that some features of this site may not work as intended.

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How to control cookies

You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

You can find the full EU privacy guideline by clicking on this link