Joomla! Help Support Warrington Cheshire Manchester Merseyside UKThe Joomla! CMS is equipped with a built-in two factor authentication or 2FA system.

Once activated a 2FA system adds an extra layer of security when users sign into your website.

2FA may be separately assigned to the Front End and the Dashboard when you enable one of two available plugins.

Google Authenticator

A smartphone app which creates a single-use code to enable you to sign in.

Yubikey

A small device which when plugged into your computer acts produces a single-use code.

Warning

Use of either plugin may result in you being locked out of your own website.

So learn how to get back in before this (inevitably) happens.

Read on.

 

What 2FA looks like in the Front End and Dashboard

And some alternative ways of improving security when users sign in.

An additional field is added to the Login Panel.

security plugins two factor login field

Should you enable 2FA for the Front End?

Maybe yes if your aim is to provide reassurance to registered users.

Some users may find the additional 2FA field to be confusing.

An alternative way of reassuring users would be to raise the bar by changing the User Options to require users to use longer more complex passwords.

Example; 16 digits, upper case and lower case, symbols.

An additional field is added to the Login Panel.

security plugins two factor login field cp

Should you enable 2FA for theDashboard?

Maybe yes if you are comfortable using your phone to unlock usage of everything online, or a device like a usb pen.

Alternative ways of improving security when signing into your website's Dashboard include:

  • requring users to use longer more complex passwords.
  • using the secret URL option in Akeeba Admin Tools PRO to hide the login panel;
  • using the directory password protection option in your Hosting Control Panel (this can also be set up using Admin Tools PRO).

 

Contents include:

How to implement 2FA.
The 2FA System Plugins.
Password protection of the Administrator directory.
How to respond when locked out of your website by 2FA.

Subscribers: sign in to read full article