Two Factor Authentication

What is two-factor authentication

Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password.
https://en.wikipedia.org/wiki/Multi-factor_authentication

Available methods

TOTP

Use a time-based one-time password (TOTP, RFC 6238) generated by an authenticator application such as Google Authenticator. The application and the server share a secret that is enrolled once in the user's profile; at login the user must enter the 6-digit code the application currently displays. The code is derived from that shared secret and the current time window (30 seconds for Google Authenticator), so the phone's clock must be reasonably accurate and the secret must never be shown again after enrolment.

Security key

A security key is a hardware authenticator (for example a FIDO2/U2F key) that lets the user sign in securely by plugging it into the computer's USB port.
This implementation is based on WebAuthn. The browser asks the key to sign a challenge issued by the server together with the site origin, so a captured response cannot be replayed and a look-alike phishing site cannot obtain a usable signature.
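The following added example (not code from this product) shows the checks a relying party performs on a WebAuthn authentication response and why the mechanism resists phishing: the browser, not the page, writes the origin into clientDataJSON, and the security key signs authenticatorData together with a hash of that JSON. The relying-party ID "webadmin.example", the origin, the challenge string and the helper names are all assumptions for the demonstration; the final step, verifying the key's signature over signed_payload() with the credential's registered public key, is left out because it requires an ECDSA/EdDSA library.

```python
import hashlib
import hmac
import json
import struct

# Assumed relying-party settings for a hypothetical WebAdmin deployment.
RP_ID = "webadmin.example"                 # registrable domain the credential is scoped to
EXPECTED_ORIGIN = "https://webadmin.example"
FLAG_UP = 0x01                             # authenticator data: user present (touch)
FLAG_UV = 0x04                             # authenticator data: user verified (PIN/biometric)


def build_authenticator_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed authenticatorData as a security key emits it:
    SHA-256(rpId) || flags || 32-bit big-endian signature counter."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def build_client_data(challenge: str, origin: str, typ: str = "webauthn.get") -> bytes:
    """Constructed clientDataJSON. In a real login the browser writes this,
    including the origin; page JavaScript cannot alter it."""
    return json.dumps({"type": typ, "challenge": challenge, "origin": origin}).encode()


def signed_payload(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    """What the security key actually signs: authenticatorData || SHA-256(clientDataJSON).
    Verifying that signature with the stored public key is the step omitted here."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()


def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: str, stored_sign_count: int,
                    expected_origin: str = EXPECTED_ORIGIN, rp_id: str = RP_ID,
                    require_uv: bool = False):
    """Relying-party checks on a WebAuthn authentication response; returns
    (accepted, reason). The order follows WebAuthn Level 2, section 7.2."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client.get("type") != "webauthn.get":
        return False, "type is not webauthn.get"
    # Challenge must be the one this server issued for this login (blocks replay).
    if not hmac.compare_digest(str(client.get("challenge", "")), expected_challenge):
        return False, "challenge mismatch (replay or foreign request)"
    # Origin is filled in by the browser, so a phishing site cannot match it.
    if client.get("origin") != expected_origin:
        return False, "origin mismatch: " + repr(client.get("origin"))
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash = authenticator_data[:32]
    flags = authenticator_data[32]
    sign_count = struct.unpack(">I", authenticator_data[33:37])[0]
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash does not match our RP ID"
    if not flags & FLAG_UP:
        return False, "user presence not asserted"
    if require_uv and not flags & FLAG_UV:
        return False, "user verification required but not asserted"
    # A counter that stops increasing suggests a cloned authenticator.
    if sign_count != 0 and sign_count <= stored_sign_count:
        return False, "signature counter did not increase"
    return True, "ok"


if __name__ == "__main__":
    challenge = "c2VydmVyLWlzc3VlZC1jaGFsbGVuZ2U"   # constructed server challenge
    auth = build_authenticator_data(RP_ID, FLAG_UP | FLAG_UV, 7)
    genuine = build_client_data(challenge, EXPECTED_ORIGIN)
    phished = build_client_data(challenge, "https://webadmin.example.evil.test")
    print(check_assertion(genuine, auth, challenge, stored_sign_count=6))
    print(check_assertion(phished, auth, challenge, stored_sign_count=6))
```

The phished case fails twice over: the origin the browser recorded is the attacker's, and even if the attacker rewrote it, the signature computed over signed_payload() would no longer verify. This is the property that separates a security key from a TOTP code, which a user can be tricked into typing into any site.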

Setup

Two-factor authentication is always available in WebAdmin to be configured. To activate it, go to System Configuration > Security and select Enable two factor authentication. With this option enabled, only users who configure the second authentication step in their profile page are protected by it.
If you want to force all users to use 2FA, also enable the option that appears next to it, Forced to use two-step authentication.

User configuration

If the option is active, the user can configure the second authentication method in the profile form.
The interface guides the user through the steps needed to configure each mechanism.
If the option Forced to use two-step authentication is activated, users who have not yet configured a second factor are redirected to this page.

Change log

  • 306.36 - TOTP configuration is only changed when the user has completed the whole process and entered the 6-digit code
  • 306.35 - Changed two-factor authentication configuration to guide the user through the configuration process
  • 306.20 - Fixed an error that occurred when the user had to change a password at login and a homepage was defined
  • 306.19 - Changed visibility of the 'Invalidate 2FA' option in user configuration to always be visible when an application is configured to use 2FA, independently of the value it must have.
  • 286.01 - New 2FA using WebAuthn
  • 282.01 - Added Two-Factor Authentication (2FA) functionality with TOTP