Google Authenticator allows you to combine the classic Joomla! login with username and password with an additional security code. This increases the security of your Joomla! website.
Since version 3.2, Joomla! supports two-factor authentication via Google Authenticator und Yubikey out of the box.
As a first step, you select the desired authentication method in the admin area. Afterwards, you can adapt the two-factor authentication for each user individually. For example, you can exclude users without admin rights from the two-factor authentication.
Installing Google Authenticator
Enabling the Plugin
- In the Joomla! admin area, select Plugins and then Manage and search for two factor authentication.
- In the Two Factor Authentication – Google Authenticator line, change the status to Enable plugin.
- Select the Site Section you want to protect with Two Factor Authentication:
- Site (Frontend): Quick edit, comments (depending on your settings) and forum are protected by Two Factor Authentication, your backend is not. I would not recommend this setting, but if you have a good use-case, let me know in the comments.
- Administrator (Backend): Quick edit in the frontend, comments and forum are still available using default login.
- Both: Default setting (recommended)
Setting Up Two Factor Authentication for Users
- Open the Users section.
- Select the user for which you would like to enable two-factor authentication.
- Switch to the Two Factor Authentication section (top right tab).
Activating Two Factor Authentication
- Set your Authentication Method to Google Authenticator.
- Open the Google Authenticator app on your smartphone and scan the QR code (Step 2). Alternatively, you can also set up your account manually. To do so, use the account and key displayed for this user in Joomla!.
You should now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.
- Enter the security code displayed in the Google Authenticator app under Step 3- Activate Two Factor Authentication.
- Click Save & Close.
The two-factor authentication is now set up for this user. From now on, use a new security code each time you log in.
Securing One-Time Emergency Passwords
For situations in which you don’t have access to the Authenticator, you can fall back on one-time emergency passwords. These are available in the Users > Two Factor Authentication section under One time emergency passwords.
Store your one-time emergency passwords in a secure location, just in case.
That’s it! Congratulations, your Joomla! website has just become a good bit more secure!
You might also like