Two-Factor Authentication - How to Enable in Joomla
- by Naveen Kumar
- on Tutorials
Not long ago, I found out that my personal Joomla website had been hacked. You would not believe how devastated and broken I was! All the sensitive data was stolen and the hackers were reaching out to my website users and spamming them.
I did not know what to do. I was completely blank. Then I started contacting my hosting provider and also the website maintenance company that managed my site. The company informed me that they had taken a backup the previous night! I was astonished to hear that there was a backup of my site. Fortunately, this time I managed to recover some of it from the backup. However, information that is stolen can't be recovered.
No matter how strong your password is, it has always been a best practice to use the recently introduced two-factor authentication system on your Joomla website.
I do not want anyone to face such an awkward situation as I did. That's why, in this article, I'm going to demonstrate how to enable two-factor authentication on your Joomla website. It is never too late to bring in a security measure that works for tomorrow. If you do not wish to do it today, you might be the next victim tomorrow!
Introducing Two-factor Authentication in Joomla
Two-factor authentication is a security feature that adds an extra layer of protection to your website. Sounds interesting, right?
It is indeed interesting! How?
Generally, we log in to our website using a username and password to verify ourselves to the system. This is sometimes called Single Factor Authentication (SFA). So what's the catch? The single factor is the problem: it is the loophole hackers use to try to get into your system.
Let's take a simple example. When you use untrusted public Wi-Fi or another untrusted network to log in to your system, it is possible for hackers to steal your username and password. Thus, your entire system becomes open to hackers.
To prevent such a disaster, Joomla provides built-in Two-Factor Authentication (2FA), which secures your site with a single-use secret code.
How To Enable It On Joomla?
Enabling Two-Factor Authentication is really simple in Joomla. You just need to follow a few steps to add an extra layer of security to your website.
Well, let’s start the Authentication Process now.
First, log in to your Joomla admin panel and navigate to Users > User Manager. This will display a link to your profile with your name, username, email address, etc. Before you can actually enable Two-Step Verification, you have to edit your profile. Click on your name, which appears just under the Name field, to open the profile editing page.
Now click on the Two-Factor Authentication tab. In some cases this tab may be missing or inactive.
This happens when the Two-Factor Authentication plugin is not enabled. In that case, go to Plugin Manager, activate Google Authenticator, and then go back to the User Manager and try again.
Let's start with the Google Authenticator method first.
Google Authenticator (GA) Method:
To enable the Google Two-Step Verification method, go to the drop-down menu on the same page and select Google Authenticator. It will bring up the initial setup page for you.
Now install the Google Authenticator app on your device in order to activate and use it on your Joomla website. Some unofficial apps are also available that can be used in place of Google Authenticator.
This is the last step that you need to perform in order to finish the GA setup. Simply open the app after linking your site with the service, either by QR code or by the 6 digit key.
Your app will display a security code for your site, and that code has to be entered within 30 seconds in the specified field. After entering the code, click Save to finish.
Note: After you have enabled Two-Factor Authentication successfully, you will see 10 backup codes on the edit profile page. These are given in case you lose your device, so you must save these codes in a safe place to use them in an emergency. Remember that you will not be able to log in unless you provide a valid security code. Alternatively, you can print out those codes and keep them somewhere safe.
You have been alerted!
Does It Really Protect Us From Hackers?
Well, this sounds like a broad question. However, I made it short. :)
Yes indeed, it protects to some extent. But you never know when and how your account will be hacked. To give your Joomla website an extra level of protection, it has always been a best practice to follow.
After reading the article above, you have two options: either choose Two-Factor Authentication or completely reject this approach.
I guess you will probably follow the first option. If you do not, then you are about to leave an open window for the hackers. Remember, you have been warned!