
Two-Factor Authentication

Two-Factor Authentication (2FA) is an extra security layer that requires not only a username and password from the user but also something (typically a device, like a smartphone) that only that user possesses or can access. A large variety of devices and solutions can serve this purpose, but the common ground is that the user is authenticated ONLY if they present BOTH authentication elements simultaneously: the Joomla password and the second authentication attribute.

Typically 2FA uses a piece of information only the user should know or can immediately access, like a physical token or a randomly generated One Time Password or similar code.

Two-Factor Authentication has been part of Joomla core since version 3.2.0.

The steps to enable Two-Factor Authentication:

Joomla CMS has a built-in plugin for Two Factor Authentication (2FA). Here is how to enable and configure the 2FA plugin for your Joomla backend.

The process has several important parts. First, you need to set up the plugin:

  1. Log in to your Joomla admin dashboard.
  2. Go to the "Extensions" menu and click on "Plugins."
  3. Search for the "Two Factor Authentication" plugin and click on it to access its settings.
  4. Enable the plugin by setting the "Status" toggle to "Enabled."
  5. Update the plugin configuration to enable 2FA for the backend only. This can be done in the "Basic Options" section.
  6. Click "Save & Close" to save your changes.

At this point you should check and enable the 2FA plugins available on your site. This is an optional step: the most popular 2FA plugins are preinstalled and pre-enabled upon install, unless you migrated/upgraded your Joomla instance from a pre-3.2.0 Joomla version.

  1. Go to plugins and filter for the type: multifactorauth
  2. Check the available plugins, and enable those you want to make available to your users.
  3. Optionally you can add extra plugins available in JED to set up 2FA.

Next you need to set up the general options for your users.

  1. Go to the Users backend menu item and click the Options button at the top right.
  2. Go to the Multi-factor Authentication tab and make the changes you need. This part might be tricky, but each option shows a helpful tip when you hover over it. It is advisable, for example, to enforce the use of 2FA for your backend users, but it is up to you which combination of options works for you.

Finally, you need to set up your individual user account. EVERY user on your site will be able to, or will need to, complete this step, depending on the options you set in the previous step. Existing users will have a new tab for this in their user profile, and new users will be prompted during registration to make their choices.

  1. Edit your user account in the "Users" section of the Joomla backend.
  2. You will now have a new tab or options for Two Factor Authentication.
  3. Enable 2FA for your user account. You may need to input a secret key or QR code provided by the 2FA method you set up.
  4. After you save your user profile, it will give you a one-time emergency password for recovery purposes.
  5. You can use any of the available 2FA plugins already installed and enabled.
  6. Test your 2FA setup by logging out and attempting to log back in. Make sure to have your 2FA device ready.
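
Once the steps above are done, it is worth checking which backend accounts still have no usable second factor. The following is an added example, not code from Joomla or from this page: it runs that check against an in-memory SQLite stand-in filled with constructed rows. The table and column names (with a `jos_` prefix), the method names and the backend group ids are assumptions modelled on a default Joomla install, so confirm them against your own database before reusing the query.

```python
import sqlite3

# Assumption: default-install group ids with backend access (Manager, Administrator, Super Users).
BACKEND_GROUPS = (6, 7, 8)

SCHEMA = """
CREATE TABLE jos_extensions (type TEXT, folder TEXT, element TEXT, enabled INTEGER);
CREATE TABLE jos_users (id INTEGER PRIMARY KEY, username TEXT, block INTEGER);
CREATE TABLE jos_user_usergroup_map (user_id INTEGER, group_id INTEGER);
CREATE TABLE jos_user_mfa (user_id INTEGER, method TEXT);
"""

def build_sample_db():
    """In-memory stand-in for the site database, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO jos_extensions VALUES ('plugin','multifactorauth',?,?)",
                   [("totp", 1), ("email", 0), ("webauthn", 1)])
    db.executemany("INSERT INTO jos_users VALUES (?,?,?)",
                   [(1, "alice", 0), (2, "bob", 0), (3, "carol", 0), (4, "dave", 1), (5, "erin", 0)])
    db.executemany("INSERT INTO jos_user_usergroup_map VALUES (?,?)", [(1, 8), (2, 7), (3, 2), (4, 8), (5, 6)])
    db.executemany("INSERT INTO jos_user_mfa VALUES (?,?)", [(1, "totp"), (5, "email")])
    return db

def enabled_methods(db):
    """2FA plugins (type multifactorauth) that are switched on."""
    rows = db.execute("SELECT element FROM jos_extensions WHERE type='plugin' "
                      "AND folder='multifactorauth' AND enabled=1 ORDER BY element")
    return [r[0] for r in rows]

def backend_users_without_2fa(db):
    """Active backend users with no enrolled method whose plugin is enabled."""
    marks = ",".join("?" * len(BACKEND_GROUPS))
    rows = db.execute(f"""
        SELECT DISTINCT u.username FROM jos_users u
        JOIN jos_user_usergroup_map g ON g.user_id = u.id
        WHERE u.block = 0 AND g.group_id IN ({marks})
          AND NOT EXISTS (
            SELECT 1 FROM jos_user_mfa m
            JOIN jos_extensions e ON e.element = m.method
             AND e.type = 'plugin' AND e.folder = 'multifactorauth' AND e.enabled = 1
            WHERE m.user_id = u.id)
        ORDER BY u.username""", BACKEND_GROUPS)
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = build_sample_db()
    print(enabled_methods(db), backend_users_without_2fa(db))
```

In the sample data one account is flagged even though it has enrolled a method, because the plugin for that method is disabled; this is the case to look for after changing which 2FA plugins are enabled.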