I recently upgraded my Joomla! site to version 3.9.2. As I was reading through the post installation messages I noticed that Two-Factor Authentication was available. How exciting, finally another layer of security around user authentication. Apparently the Two-Factor Authentication was added to the Joomla! core as of version 3.2: I’m a little late to the game but this feature is so cool and easy to implement that I have to spread the word.
What Is Two-Factor Authentication
Two-Factor Authentication (2FA) is now a very common security practice for major software releases. You may have heard of 2FA being referred to as Two-Step Verification, Dual-Factor Authentication, or even Multi-Factor Authentication. Essentially, Two-Factor Authentication is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user’s credentials and the resources the user can access. Normally users authenticate to applications/websites with their username and password, however these credentials can be easily hacked. Implementing Two-Factor Authentication provides a stronger authentication protocol because your application will now require a secondary random secret code to be provided along with the correct username and password.
Configure Two-Factor Authentication for Joomla
Enabling Two-Factor Authentication for Joomla! is super easy. To setup the Two-Factor Authentication, go to the User Manager, edit a User and go to the Two-Factor Authentication Tab. If the Two-Factor Authentication Tab does not appear, it is possible that the associated plugin is not enabled. In that case go to the Plugin Manager and find the Two Factor plugins. There are normally two – one for Google Authenticator and the other for Yubikey. Enable those that you intend to use.

1. Download and Install Google Authenticator on your smartphone or desktop

2. You can see a QR Code to scan with a mobile phone with the application of Google Authenticator installed.

3. Go to the Activate Two-Factor Authenticator field and enter the six digit security code you can see on the screen of your smartphone device. Then click on Save & Close.

Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can see on your Google Authenticator screen.Now, your site access is protected by Two-Factor Authentication.
