Two-Factor Authentication For Magento 1

magento ecommerce

In the midst of cloud applications being implemented and integrated on a mainstream level, businesses are increasing the amount of data and data points at an unprecedented rate.

This is great news for business stakeholders, giving them a more connected and holistic view of their company. However, with an increase in data points comes an increased chance of data breaches. In fact there is now a hack attack every 33 seconds, with 43% of these attacks targeting SMEs.*

Inlight of these statistics, and with cyber-attacks only increasing, you would think that businesses are doing their utmost to protect their personal and customer data from getting into the wrong hands. Surprisingly, this is not the case, with 52% of organisations that suffered successful cyber attacks in 2016 not making any changes to their security in 2017.**

What’s the reason for the lack of changes to organisation’s security? Usually, it’s down to budget restrictions. But, even with limited budgets, increasing your levels of security doesn’t have to cost as much as you might think. It could even save you from an expensive data breach down the line.

Protecting your ecommerce platform

One of the simplest ways to increase the level of security for your Magento admin is with two-factor authentication.

Two Factor Authentication

What exactly is two-factor authentication? Well, it’s an extra layer of security that requires the user to input their admin password and username, as well as a unique auto-generated code with a 30 second lifespan to gain access. For example, when you log in to your Facebook account for the first time on a new device, as well as typing in your username and password, you will have a code sent to your phone from Facebook that you must enter. This is in order to verify you are the owner of the account, so you can be trusted to gain access.

Two-Factor Authentication for Magento 1 is exactly the same premise. A code will be sent to a users phone and/or desktop app (generated by an Authenticator called WinAuth) which should be input when logging into the admin panel. Adding extra security to your Magento store and the data held within it.

So, how do you configure and use Two-Factor Authentication? Here’s our step-by-step guide to show you.

What You Will Need

Amasty 2 Factor Authentication


Step 1. Purchase and Install Extension for Magento 1

Firstly, you will have to purchase and install Two-Factor Authentication. You’ll need to purchase the extension from Amasty’s website. It’s available at a price of $69 for Magento 1 Community edition or $269 for Magento 1 Enterprise edition.

Step 2. Download WinAuth

After installing the extension, you will need to download WinAuth onto your device. This is the authenticator that will generate a code for your Magento users to enter when logging in, in order to access your store.

You can download WinAuth from here, there is also some instructions on this page to help.

Step 3. Configuring the Extension

Firstly, from the admin panel, you will need to hover over ‘system’, go to ‘configuration’ and then click on ‘Two-Factor Authentication’.

Magento Two Factor Authentication

You will be met with a tab that gives you the option to enable Two-Factor Authentication. To do this, select ‘Yes’ from the drop down menu next to ‘Enable Two-Factor Authentication’.

Below this, you can add trusted IP addresses to a whitelist. If an IP address is on the whitelist, a verification code will not be needed to login when someone tries to access your store from this specific IP address. You don’t have to add an IP address if you don’t want to.

Step 4. Configuring Two-Factor Authentication for a User

To configure the Two-Factor Authentication for a specific user, you need to go to ‘System’, then ‘Permissions’ and click on ‘Users’.

Magento Two Factor Authentication

From here, a table of your Magento users will appear. From this list, you can choose the user account that you want to add two-step authentication to.

After selecting the user account, a page will load with 4 tabs down the left-hand side. Click on the bottom tab labelled ‘Two-Factor Settings’. You will now be able to view the authenticator configuration options.

Now tick the checkbox, next to ‘Enable Two-Factor Authentication’, to open authentication settings for this user.

Magento Two Factor Authentication

After you check the box, under the ‘Configuration’ title, you will see some new information. This will include the secret key, QR code and security code.

Next, you will need to open WinAuth on your device. If using the desktop app you’ll need to complete the setup on all PCs that need admin access. To register the Magento login so WinAuth can send a code for that Magento user, you will need to either scan the QR code or enter the secret key into WinAuth.

Once WinAuth has accepted the code or secret key, it will show a one-time passcode that changes every 30 seconds. Input this security code into the ‘Security Code’ field in Magento, which is found underneath the QR code, and click the ‘Check Code’ link.

Magento Two Factor Authentication

After this, a verified message should appear next to the ‘Check Code’ link. Press the ‘Save User’ button and the form will save. From now on, the user will be required to enter a one-time security code each time they attempt to log into the admin panel.

Step 5. Testing Two-factor Authentication Login

In order to test that the two-factor authentication login process has worked correctly, you can simply log out of the admin area and then login again using the account you have just configured.

To login again, you will need to generate another code using WinAuth, and enter this in the new ‘Security Code’ field, as well as entering their standard login username and password.

Need Help?

Like the sound of giving your data and Magento store extra protection, but either don’t have the time or still can’t exactly figure out how? Contact us today about our website maintenance service by visiting our website here or by calling 01183 805 705.

Find out more