Two Factor Authentication or 2FA
The Joomla! CMS is equipped with a built-in two factor authentication or 2FA system.
Once activated this system adds an extra layer of security when users with special permissions sign into the control panel.
It can also be used to add the same extra layer when users sign in the front end.
Before we explore 2FA in more detail, it is worthwhile answering the following two questions:
- Which users should 2FA be activated for?
How to implement 2FA
You can either activate the built-in 2FA System plugins:
- Google Authenticator - a smartphone app which creates a single-use code to enable you to sign in;
- Yubikey - a small device which when plugged into your computer acts produces a single-use code;
or password protect your website's Administrator directory - either by using a WAF 1 or your hosting control panel 2.
1 Web Application Firewall - for example, Akeeba Admin Tools.
2 Password protection for the Administrator directory 0 for example, cPanel Hosting Control Panel.
Whichever method you use may result in YOU as well as the hackers being locked out of your website!
It is important that you know how to get back in if this happens.