Two Factor Authentication


Editor’s Note: The post below was taken from our previous Joomla website and is shown here to enable users to access older posts (since this was first written we have moved server type and CMS platform; from Joomla! to WordPress):

One factor that had dissuaded us from running our own website was management of the content, hence the decision to use Joomla! as the content management system. However, the bane of sites using content management systems is the hacker. For some time banks have countered username/password hackers by using two factor authentication, where a third means of identification is needed to log in, one which only the account holder knows and which is different each time they log in. Some banks use a device to do this; others ask for randomly selected characters from a predetermined phrase.

Google have now made available an app for smartphones called Google Authenticator. It is available in iOS, Android and BlackBerry implementations. It is best used with a barcode scanning app, for example the Barcode Scanner app on Android. Having installed those two apps on your smartphone, you need to go into the administrator back-end of Joomla! 3.x. Go to the Plugin Manager, find the Two Factor Authentication – Google Authenticator plugin (you can filter using twofactorauth as the filter) and enable it. If you have just installed Joomla! and you are at the back-end screen, you should have a message asking if you want to enable Two Factor Authentication, in which case you can enable it by clicking the button. Then go in to edit the plugin’s settings and enable the site section you want to use it for. For now I have it set to Administration back-end only, but I will enable it for the user front-end when we go live.

Finally, go to the User Manager and edit the Super User. Select the Two Factor Authentication tab and set the Authentication Method to Google Authenticator. In Step two it asks you for an identification code. If this is the first time you have used the app, it will ask you to set up an account by scanning a QR code, which you can now do. If you have already used the app for another account, it will open the screen for that account, in which case you will need to use the settings to make a new account and then scan the QR code. The app will give you a one-time code. Be warned, it lasts only 30 seconds. Use the code to enable two factor authentication. Every time you log in to the back-end, you will need a new code from the smartphone app.

When we start using the front-end of the site and shop accessible to users, we will also require the same level of authentication from users, so that the users have a much increased level of security, and the potential for credit card payment fraud is much reduced.
