Using the Google Authenticator, you can combine the classic login to your Joomla! website via username and password with an additional security code. This will increase the security of your Joomla! website.
Joomla! supports two-factor authentication via Google Authenticator and Yubikey Out-Of-The-Box since version 3.2. In the first step, you activate the desired authentication method in the admin area and can then customize the two-factor authentication for each user individually. For example, you can exclude users without admin privileges from two-factor authentication.
Install Google Authenticator
Install the Google Authenticator App on your smartphone.
- In the Joomla! admin area (backend), select extensions, then manage and search for two-factor authentication.
- In the Two-Factor Authentication - Google Authenticator line, change the status to Enable extension.
Select the application area for two-factor authentication:
- Website (Frontend): Protects Quick-Edit, Forum, Comments - depending on your settings. The backend is not protected by two-factor authentication.
- Administrator (Backend): Users can still edit, post or comment in the forum in the frontend without two-factor authentication.
- Both: standard setting and our recommendation
Setting Up Two-Factor Authentication for Users
- Open the User area
- Select the user for whom you want to enable two-factor authentication.
- Change to the two-factor authentication area (top right tab)
Enable two-factor authentication
- Choose your authentication method. In this case: Google Authenticator
- Open the Google Authenticator app on your smartphone and scan the QR code (step 2). Alternatively, you can create the account manually. Use the account and keys displayed by Joomla! for this user.
You should now see a new entry for your website in the Google Authenticator app. The security code is updated every 30 seconds.
- Enter the security code from the Google Authenticator app in Step 3 - Enable two-factor authentication.
- Click on Save & Close
Two-factor authentication is now set up for this user. Use a new security code for each login in the future.
Log in with password and security code.
Save one-time passwords
If you do not have access to the authenticator, you can use one-time passwords. The one-time passwords will also be available in the future in the Users > Two-Factor Authentication section under Emergency one-time passwords.
Store your one-time passwords in a safe place.
That's all there is to it! Congratulations, your Joomla! website has become a lot safer!