msp / twofactorauth

msp/twofactorauth

Two Factor Authentication module for Magento2 - Member of MageSpecialist SecuritySuite

Riccardo Tempesta

magento2-module Compatibility: Not yet tested Code Quality: Fail Tests: N/A Security: Pass OSL-3.0

Get this package

Free

Install

Add the repository once:

composer config repositories.packagento composer https://packagento.com/

Then require:

composer require msp/twofactorauth:^2.1.12

Details

Latest version: 2.1.12
Released: 2018-03-24 10:47:45
Downloads: 0
License: OSL-3.0

Own this package?

Are you the maintainer? Create an account and link the source repository to claim this package and register a webhook so new versions publish automatically.

Claim this Package

Report this package

Seeing license violations, malicious code, IP infringement, or spam? Let our moderation team know.

Readme

MSP TwoFactorAuth

Two Factor Authentication module for maximum backend access protection in Magento 2.

Member of MSP Security Suite

See: https://github.com/magespecialist/m2-MSP_Security_Suite

Did you lock yourself out from Magento backend? click here.

Main features:

Providers:
- Google authenticator
  - QR code enroll
- Authy
  - SMS
  - Call
  - Token
  - One touch
- U2F keys (Yubico and others)
- Duo Security
  - SMS
  - Push notification
Trusted devices
- High security rolling codes
Trusted devices revoke list
Central security suite events logging
Per user configuration
Forced global 2FA configuration

Installing on Magento2:

1. Install using composer

From command line:

composer require msp/twofactorauth

2. Enable and configure from your Magento backend config

Enable from Store > Config > SecuritySuite > Two Factor Authentication.

3. Enable two factor authentication for your user

You can select among a set of different 2FA providers. Multiple concurrent providers are supported.

4. Subscribe / Configure your 2FA provider(s):

4.1 Google Authenticator example

4.2. Duo Security example

4.3. U2F key (Yubico and others) example

4.4. Authy example

Emergency commandline disable:

If you messed up with two factor authentication you can disable it from command-line:

php bin/magento msp:security:tfa:disable

This will disable two factor auth globally.

Emergency commandline reset:

If you need to manually reset one single user configuration (so you can restart configuration / subscription), type:

php bin/magento msp:security:tfa:reset <username> <provider>

e.g.:

php bin/magento msp:security:tfa:reset admin google

php bin/magento msp:security:tfa:reset admin u2fkey

php bin/magento msp:security:tfa:reset admin authy

Emergency of emergency and your house is on fire, your dog is lost and your wife doesn't love you anymore:

DO NOT ATTEMPT TO MODIFY ANY DB INFORMATION UNLESS YOU UNDERSTAND WHAT YOU ARE DOING

Table core_config_data:

msp/twofactorauth/enabled: Set to zero to disable 2fa globally
msp/twofactorauth/force_providers: Delete this entry to remove forced providers option

Table msp_tfa_user_config:

Delete one user row to reset user's 2FA preference and configuration

Changelog

No changelog yet

The vendor hasn't published a changelog. Tagged releases appear in the Versions tab.

Versions 38

Versions
Version	Stability	QA Status	Compatibility	Released
2.1.12	stable	Fail	Not yet tested Details	2018-03-24 10:47:45
2.1.11	stable	Not tested	Not yet tested Details	2018-03-16 10:36:49
2.1.10	stable	Not tested	Not yet tested Details	2018-03-02 09:45:08
2.1.9	stable	Not tested	Not yet tested Details	2018-02-25 19:02:58
2.1.7	stable	Not tested	Not yet tested Details	2018-02-09 10:59:45
2.1.6	stable	Not tested	Not yet tested Details	2018-02-08 15:40:36
2.1.3	stable	Not tested	Not yet tested Details	2018-01-29 13:43:18
2.1.2	stable	Not tested	Not yet tested Details	2018-01-04 13:25:53
2.1.1	stable	Not tested	Not yet tested Details	2017-11-20 14:55:38
2.1	stable	Not tested	Not yet tested Details	2017-10-28 22:33:07
2.0.13	stable	Not tested	Not yet tested Details	2017-10-26 15:50:30
2.0.12	stable	Not tested	Not yet tested Details	2017-10-19 15:49:02
2.0.11	stable	Not tested	Not yet tested Details	2017-09-12 13:49:28
2.0.10	stable	Not tested	Not yet tested Details	2017-09-08 08:19:10
2.0.9	stable	Not tested	Not yet tested Details	2017-09-07 16:49:55
2.0.8	stable	Not tested	Not yet tested Details	2017-09-07 16:12:52
2.0.7	stable	Not tested	Not yet tested Details	2017-09-01 12:57:57
2.0.6	stable	Not tested	Not yet tested Details	2017-08-29 08:53:39
2.0.5	stable	Not tested	Not yet tested Details	2017-08-24 09:28:08
2.0.4	stable	Not tested	Not yet tested Details	2017-08-23 16:35:56
2.0.3	stable	Not tested	Not yet tested Details	2017-08-22 07:28:09
2.0.2	stable	Not tested	Not yet tested Details	2017-08-21 10:12:30
2.0.1	stable	Not tested	Not yet tested Details	2017-08-11 17:36:37
1.2.3	stable	Not tested	Not yet tested Details	2017-08-09 18:09:57
1.2.2	stable	Not tested	Not yet tested Details	2017-07-31 17:06:12
1.2.1	stable	Not tested	Not yet tested Details	2017-07-31 16:50:50
1.2.0	stable	Not tested	Not yet tested Details	2017-07-31 16:07:19
1.1.1	stable	Not tested	Not yet tested Details	2017-06-22 12:36:06
1.1.0	stable	Not tested	Not yet tested Details	2017-06-14 15:49:50
1.0.2	stable	Not tested	Not yet tested Details	2017-06-11 15:04:09
1.0.1	stable	Not tested	Not yet tested Details	2017-06-11 14:59:47
1.0.0	stable	Not tested	Not yet tested Details	2017-05-31 16:11:49
0.1.5	stable	Not tested	Not yet tested Details	2017-05-08 12:07:07
0.1.4	stable	Not tested	Not yet tested Details	2017-05-07 15:53:44
0.1.3	stable	Not tested	Not yet tested Details	2016-07-20 08:22:51
0.1.2	stable	Not tested	Not yet tested Details	2016-07-15 14:24:20
0.1.1	stable	Not tested	Not yet tested Details	2016-07-15 13:44:23
0.1.0	stable	Not tested	Not yet tested Details	2016-07-15 13:17:59

Dependencies 9

Requires 8

Package	Constraint
php	^7.0\|^7.1
msp/security-suite-common	^2.0
magento/magento-composer-installer	*
christian-riesen/base32	^1.3
spomky-labs/otphp	~8.3
endroid/qrcode	^2.5
donatj/phpuseragentparser	~0.7
yubico/u2flib-server	^1.0

Suggests 1

Package	Reason
msp/security-suite	Full MageSpecialist Security Suite

Quality 12

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	not tested	not tested
2.4.8		not tested	not tested
2.4.9			not tested	not tested

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool	Status	Findings	Summary
PHPCS	Fail	74	4 errors, 70 warnings (ruleset: Magento2) — 6 auto-fixable with phpcbf
PHPMD	Warning	22	22 rule violations (MissingImport:9, IfStatementAssignment:9, UndefinedVariable:3, NumberOfChildren:1)
Cpd	Pass	0
Composer validate	Info	1	valid; 1 advisory note (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Integration tests

Integration tests results by Magento and PHP version
Magento	PHP 8.2	PHP 8.3	PHP 8.4	PHP 8.5
2.4.7	N/A	N/A
2.4.8		N/A	N/A
2.4.9			N/A	N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool	Status	Findings	Summary
Composer audit	Pass	0
Malware scan	Pass	0

License

License

OSL-3.0

Authors

Riccardo Tempesta <[email protected]>

More from msp

View vendor

msp/passwordstrength Free

msp/uselowestpricefortier Free

magento2-module

v0.2.0 8yr ago

msp/module-relinker-api Free

magento2-module

Static Relinker for Magento 2 API

v0.2.1 5yr ago

Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module