Add 2 factor authentication to your store admin logins. Allows you to use the Google Authenticator App to secure your admin for your store.
Q: Why not just use .htaccess?
htaccess is fine, but it is NOT 2 factor.
2 factor does not mean, 2 passwords.
2 factor is something you know
and something you have
With htaccess, I can learn both of your passwords and gain access to your admin from anywhere.
With 2 factor, I need to know your user/pass but I also must have your device with the google authenticator app in my possession in order to login.
Much more secure!
- Copy the files into your store and admin folders.
- Navigate to the Admin - Configuration - Administrators
- Edit an admin
- Enable the Google Authentication for the user and scan the QR code into the Google Authenticator App
- Click Save and then enter in the 6 digit code from the Authenticator App
- If successful, Google Authenticator is enabled for that user and will be required to login
- To disable Authenticator, you can edit the user, turn it off and save. You can also edit the administrators table and set googleauthenticatorsec='' and googleauthenticatoryn=0 for the admin user you want to disable Authenticator.
Add 2 factor authentication to your store admin logins.