Joomla 4 has been released for testing and even it is still in development phase, we already see lots of new features and improvements. Joomla 4 will have better security system by requiring minimum PHP 7, using new technologies, removing deprecated functionalities … to help secure websites based on Joomla 4.
In this blog post, we will guide you how to secure your Joomla 4 website login using built-in 2 factor authentication system - this feature was firstly introduced in Joomla 3.2.0.
What is 2 factor authentication ?
In short, 2 factor authentication is to secure your site login with a secondary secret code that’s changing every 30 seconds. You can use your mobile device and the Google Authenticator app to produce that code.
Steps to setup 2 factor authentication system on Joomla 4 websites.
1. Enable twofactorauth plugins
There are 2 factor authentication services supported: Google Authenticator and Yubikey, they are built-in functionality in Joomla core (from version Joomla 3.2 and higher) using 2 twofactorauth plugins:
- Two Factor Authentication - Google Authenticator
- Two Factor Authentication - YubiKey
From back-end, go to extensions → plugins and search for those plugins. You can enable the service you want or use can use both at the same time.
You can always disable Two Factor Authentication plugin, or configure it for Backend usage only.
Understand more about Google Authenticator and YubiKey authentication
- YubiKey Two Factor Authentication
Allows users on your site to use two factor authentication using a YubiKey secure hardware token. Users need their own Yubikey available from https://www.yubico.com/. To use two factor authentication users have to edit their user profile and enable two factor authentication.
- Google Authenticator Two Factor Authentication
Allows users on your site to use two factor authentication using Google Authenticator or other compatible time-based One Time Password generators such as FreeOTP. To use two factor authentication please edit the user profile and enable two factor authentication.
2. Enable twofactorauth for users
Once the plugins are enabled, the Two Factor Authentication is going to be available for all users and you can configure Two Factor Authentication in User Details for each user.
When select Google Authenticator, you will see full instructions with 3 steps to activate Google authenticator for the user.
- Step 1 - install google authenticator or compatible application on your smartphone or desktop
- Step 2 - add information to google authenticator. Use can use key or QR code
- Step 3 - activate 2 factor authentication with security code above
If you select YubiKey, you will need insert your YubiKey device into your computer USB port. Select the security code field in the panel then touch the gold dark box on YubiKey device for 1 second.
You can find more information on two factor authentication and enable it for your user account in the user's profile page.
Know more about Joomla 4:
- What new features and improvements to expect in Joomla 4 stable release ?
- Joomla 4 FAQs: All you need to know
- Joomla 4 New Back-end Preview: Outstanding Improvements
- Joomla 4 new Front-end template Preview – cassiopeia template
- [INFOGRAPHIC] 9 exciting Joomla 4 new features introduction
- 8 most exciting Joomla 4 new features
- Joomla 4 New Media Manager: How it helps manage media files
- JomSocial on Joomla 4: What to expect?