JoomlArt's Blog

Joomla Tutorials, info, Discussions and much more...

Joomla 4 has been released for testing, and even though it is still in the development phase, we already see lots of new features and improvements. Joomla 4 will have a better security system by requiring PHP 7 as a minimum, using new technologies, removing deprecated functionality and so on, to help secure websites based on Joomla 4.

In this blog post, we will show you how to secure your Joomla 4 website login using the built-in two factor authentication system. This feature was first introduced in Joomla 3.2.0.

Joomla 4 two factor authentication login

What is 2 factor authentication?

In short, 2 factor authentication secures your site login with a secondary secret code that changes every 30 seconds. You can use your mobile device and the Google Authenticator app to produce that code.

Steps to set up the 2 factor authentication system on Joomla 4 websites

1. Enable twofactorauth plugins

Two authentication services are supported: Google Authenticator and YubiKey. Both are built into Joomla core (from Joomla 3.2 and higher) through 2 twofactorauth plugins:

  • Two Factor Authentication - Google Authenticator
  • Two Factor Authentication - YubiKey

From the back-end, go to Extensions → Plugins and search for those plugins. You can enable the service you want, or you can use both at the same time.

Enable Joomla 4 two factor authentication plugins

You can always disable a Two Factor Authentication plugin, or configure it for Backend usage only.

Configure two factor authentication plugin

Understand more about Google Authenticator and YubiKey authentication

  • YubiKey Two Factor Authentication
    Allows users on your site to use two factor authentication using a YubiKey secure hardware token. Users need their own YubiKey, available from https://www.yubico.com/. To use two factor authentication, users have to edit their user profile and enable two factor authentication.
  • Google Authenticator Two Factor Authentication
    Allows users on your site to use two factor authentication using Google Authenticator or other compatible time-based One Time Password generators such as FreeOTP. To use two factor authentication please edit the user profile and enable two factor authentication.

2. Enable twofactorauth for users

Once the plugins are enabled, Two Factor Authentication becomes available for all users, and you can configure it in User Details for each user.

Enable two factor authentication for users

Google Authenticator

When you select Google Authenticator, you will see full instructions with 3 steps to activate Google Authenticator for the user.

  1. Install Google Authenticator or a compatible application on your smartphone or desktop
  2. Add the account information to Google Authenticator. You can use the key or the QR code
  3. Activate 2 factor authentication with the security code from the step above

Activate Google Authenticator for user

YubiKey Authenticator

If you select YubiKey, you will need to insert your YubiKey device into your computer's USB port. Select the security code field in the panel, then touch the gold dark box on the YubiKey device for 1 second.

Activate YubiKey Authenticator for user

You can find more information on two factor authentication and enable it for your user account in the user's profile page.
