Multi-factor Authentication (MFA) adds an extra layer of security for website users with special permissions when they sign into a Joomla! CMS website.

"The way Multi-factor Authentication works is that you first log in with your username and password. After that, you are presented with another screen to enter your second authentication method." Source: The Joomla! Project.

The Joomla! CMS includes a range of different authentication mechanisms which you can use to secure your website.

And you can use more than of these options.

Using more than one option will reduce your risk of being locked out of your website should your first choice option not work for any reason.

Multi-factor Authentication Plugins

The MFA Plugins are:

  • Verification Code,
  • Yubikey,
  • Passkeys,
  • Authentication Code by Email, and
  • Fixed Code.

The Fixed Code Plugin should NOT be enabled on live websites; it is not secure.

Its inclusion is intended only for use in a development website.

If your website was updated to Joomla! 5 from Joomla! 4 then you may notice that the list of MFA Plugins has changed.

Web Authentication Plugin (Joomla! 4) has been replaced by Passkeys Plugin (Joomla! 5).

What MFA looks like in the Login Panel

Here's what MFA looks like in the Login Panel of a WYNCHCO Website Design when MFA is enabled.

Contents include:

How to implement Multi-factor Authentication.
The Multi-factor Authentication Plugins.
How to respond if you are locked out of your website.

Subscribers: sign in to read full article