The Latest Security Feature: Two-Factor Authentication (TFA) in Magento 2.4

Magento 2.4 has been officially released and offers a host of new security features intended to safeguard your website from malicious and unauthorized access. The version has 30 different enhancements for increased security for both the Open Source and Commerce editions, with a focus on reducing the threat from Remote Code Execution (RCE) and Cross-Site Scripting (XSS). Let's take a look at the latest security feature, Two-Factor Authentication (TFA) in Magento 2.4, and how you can best benefit by upgrading to the latest version of Magento.

 


Two Factor Authentication in Magento 2.4

Having a single authentication checkpoint increases the risk of your website being compromised. Two-Factor Authentication has become increasingly popular for secure applications because it adds a layer of security that requires a physical or pre-identified authentication factor, making an account more difficult to compromise. Magento 2.4 has introduced Two-Factor Authentication for accessing the admin UI, with support for multiple authentication platforms such as Google Authenticator, Duo, U2F Keys and Authy. This additional layer of security helps block malicious users from accessing the admin panel.

2FA can now be configured for individual accounts or globally and is enabled by default in both the Open Source and Commerce versions, whereas it was offered only as an option in previous versions.

Here’s how to enable Two-Factor Authentication in Magento 2.4:

  • Log in to the Magento 2.4 Admin Panel.
  • Under Stores > Configuration, choose 2FA from the Security options.
  • In the General Settings, choose and configure any of the four available 2FA options; you can also select multiple options.

The four 2FA options with Magento 2.4:

Google Authenticator: Google Authenticator uses the Authenticator app on the admin’s mobile device to scan the barcode on the login page and generate a passcode, which must be entered to log in to the admin panel.

Duo: Duo authentication sends an SMS or push notification with a passcode to the registered mobile device to complete the authentication.

Authy: Authy enables the 2FA process by means of an SMS, call, token or one-touch authentication.

U2F Keys: U2F Keys require a physical authentication device such as a YubiKey.

The new version of Magento greatly improves ease of use, security, and maintenance, and offers a greater set of features for better customer engagement. We recommend that users upgrade to Magento 2.4 to get the best performance from their eCommerce store.

Exinent has been at the forefront of Magento Consulting, Development, Migration, Support, and Maintenance for the past decade. We have successfully scripted success stories for hundreds of eCommerce stores. If you wish to discuss Custom Magento Development, Migration, Consulting, Security, Speed & Checkout optimization and Audit services, do Contact Us and we will be glad to help you.