Multi-factor Authentication
Multi-factor Authentication (MFA) adds an extra layer of security for website users with special permissions when they sign into a Joomla! CMS website.
"The way Multi-factor Authentication works is that you first log in with your username and password. After that, you are presented with another screen to enter your second authentication method." Source: The Joomla! Project.
The Joomla! CMS includes a range of different authentication mechanisms which you can use to secure your website.
And you can use more than of these options.
Using more than one option will reduce your risk of being locked out of your website should your first choice option not work for any reason.
Multi-factor Authentication Plugins
The MFA Plugins are:
- Verification Code,
- Yubikey,
- Passkeys,
- Authentication Code by Email, and
- Fixed Code.
The Fixed Code Plugin should NOT be enabled on live websites; it is not secure.
Its inclusion is intended only for use in a development website.
If your website was updated to Joomla! 5 from Joomla! 4 then you may notice that the list of MFA Plugins has changed.
Web Authentication Plugin (Joomla! 4) has been replaced by Passkeys Plugin (Joomla! 5).
What MFA looks like in the Login Panel
Here's what MFA looks like in the Login Panel of a WYNCHCO Website Design when MFA is enabled.
Note: In the Front End we call the Login Module Sign in.
When MFA is enabled, an additional button is added to the Login Panel.
But only after you enable the following plugin:
- System - Passkey (Passwordless) Login.
Reason: this plugin is disabled by default in a WYNCHCO Website Design.
See the tab below for 'How to make the Passkey Login button visible'.
When MFA is enabled, an additional button is added to the Login Panel.
But only after you enable the following plugin:
- System - Passkey (Passwordless) Login.
Reason: this plugin is disabled by default in a WYNCHCO Website Design.
See the tab below for 'How to make the Passkey Login button visible'.
In a WYNCHCO Website Design the System - Passkey (Passwordless) Login plugin is disabled.
It is necessary to enable the plugin for the Passkey Button to be displayed in the Login panel of your website.
Here's how to enable the plugin to make the button visible.
Click the grey cross button displayed in the Status column next to the plugin's name.
The grey cross will change to a green tick.
The plugin is now enabled.