Security! It is so important to keep websites safe and secure and one of the weak points that hackers can use to get into your website is your passwords.
Recently, one of my personal password combinations was leaked out to the world when a popular website was hacked. This happens all the time. Adobe has been hacked, Sony and many more. It's worse when the passwords are stored in the databases as plain text and the hackers can then see the username and password combinations that are being used.
Joomla default login screen with two-factor authentication enabled
This is where two factor authentication comes into play to help protect your website and data.
Joomla 3 now comes with two factor authentication shipped with it so it is worth while taking advantage of it and enabling the feature on your websites to keep things safe and secure.
It is a quick and easy process and only takes a few minutes.
If you would like to learn more about two factor authentication and the scary online world that we live in, listen to the podcast interview with Chris Drake who is a specialist in this field.
Setting Up Your Joomla Website for Two Factor Authentication
Log into the backend of your Joomla website, that is the administration area of the website.
Navigate to Extensions->Plugins Manager
And type in the word "two" into the search filter. This is to filter down the plugins view down to only the two factor authentication plugin for the Google Authenticator.
In this case I already have the plugin enabled, hence there is a green tick next to the plugin.
Click on the Plugin link "Two Factor Authentication - Google Authenticator" and the plugin parameters should load.
Here you have a few options in regards to what you can set the plugin to do.
In my case I have Google Authenticator enabled on both the site (front end) and Administrator )back-end) of the website. You can choose what ever combination you want.
I also have the plugin set to "enabled" so that it will actually load.
Click "Save and Close" when you are done configuring the plugin.
Next you will have to enable two factor authentication on your user profile.
Enabling Two Factor Authentication to a User's Account
Navigate to Users->User Manager in the backend of your Joomla website.
Choose create new or choose an existing user from your list of users.
If you are familiar with this area of the website, you will now notice that there is a new tab at the end of the list of options for the user profiles called "Two Factor Authentication".
Click on the tab and choose "Google Authenticator" to enable it on the users account.
Now that you have this enabled, it will prompt you to go through a simple 3 step process of enabling the authenticator application on your smart phone.
In my case I have an iPhone so I'm using Google's Two Factor Authentication App from the iTunes store.
Just follow the instructions given to you on the user profile or follow these instructions from Google on how to install and setup the app on your smart phone.
It will as you to add the website to the app via entering in a code or via scanning a QR code. Once you have done this you will have to also enter in your first authentication code to verify the app with the website.
Once you have done this, consider yourself secured!
The very last option is to download backup codes just incase you loose your authentication device and can no longer access your website. These codes are one off use codes and will expire each time they are used.
Another alternative to all of this is the YubiKey which is a physical device that does almost the same thing as the mobile application.
Whatever your choice, enabling two factor authentication on your Joomla website will help increase the level of security and help protect your account and website from hackers.