Just turn on your smartphone - open the Authenticator application - and you'll immediately see the security code required to log in, valid for the next 30 seconds only. It's really easy, but the increase in security is immense.
As long as you've got your phone, this will ensure only YOU are able to login, and nobody else. No other person is able to generate the security code as it's generated using a unique secret key only known to your phone. You can't log in if you don't have the security code. You can't log in if you don't have the password. You always need the password and the security code to log in. This makes it almost impossible for hackers to log into your Magento backend.
Setting up Two-Factor Authentication for an admin in Magento is easy: Just go to the Users section in the Magento backend, click
Create secret key and scan the barcode using the Authenticator application (on the phone of that user). That's it! Your account is now protected against unauthorized logins.
Get the Two-Factor Authentication extension now to protect against today's threats without the hassle and cost of yesterday's technology.
New feature! Disable Two-Factor Authentication for known IP addresses: Simply enter the IP addresses you don't want to use Two-Factor Authentication for in the Magento admin. This especially makes sense if you've got a static IP address and don't want to enter your secret key when logging in from a known and trustworthy IP address.