Secure Your Joomla Administrator With Two Factor Authentication

Sign In Will Require Something-You-Know And Something-You-Have.

Manish Trivedi, 18 July, 2013

If you aren't security conscious about your website, you should be. In the early years of the web there was little scope for a designer to build a proper way for visitors to interact with the site they were viewing. The pages consisted of static content, text and images, served up as HTML. But those days are now gone. As the tools used to build websites have evolved, so have the security threats that modern sites face.

What to Do?

In our routine involvement with the web world, we stumble almost daily upon incidents of a site being hacked ruthlessly, destroying the complete site and taking away the sole bread and butter of many. This situation can always be avoided if a site administrator pays timely attention to the minute security loopholes. Various security standards can be implemented, but they are somewhat difficult for a basic user to achieve. Recently, Google came up with an easy answer for all, named Google 2-step verification.

It secures the sign-in process using two factors:

  • Something you know i.e. your site’s backend password.
  • Something you have i.e. your mobile phone.

Why Get Secured With Two Factor Authentication?

The Joomla administrator login of your site is a crucial barrier against hackers. It is this wall that they all try with all their might to breach, so they can slip into the site backend and create havoc in your life.

Two Factor Authentication adds an extra layer of security to Joomla sites. Most people have only a single security layer: their password, which restricts access to the Admin panel or back end of the site.

[Screenshot: Backend login module]

But, sadly enough, passwords can be cracked quite easily, leading to disastrous results. With Two Factor Authentication installed, even if someone gets through the password check shown above, he will still need access to your mobile phone to carry out his evil intentions.

Every time anyone enters your username and password to log in, the screen shown below will instantly pop up and ask for a verification code. This unique Time-based One-Time Password is generated only on your cellphone, using the Google Authenticator app. So this new layer adds to the strength of the security at your end.

[Screenshot: Two Factor Authentication security check post]

Any app that supports the Time-based One-Time Password (TOTP) algorithm can be used to generate the security token for you.

How to Use Two Factor Authentication?

We have developed super simple documentation, complete with screenshots, for proper guidance and easy understanding of how it works. We request that you go through it for an easy and free setup of Two Way Authentication on your site. Google came up with this solution of multi-factor authentication to strengthen their mailbox security. It was necessary to evolve the process so that sites could also be secured while taking advantage of the technology. Soon we came upon a script on GitHub, developed in PHP, that works in sync with the Google app. Further polishing and refinements were done and features added to develop our Two Factor Authentication, which we will distribute completely free of cost. No subscription needed at all. Only a single tweet for us will do.


Please feel free to post your feature suggestions and experiences below! It will help us improve.
