J3.x

J3.x: Zwei-Faktor-Authentifizierung

From Joomla! Documentation

This page is a translated version of the page J3.x:Two Factor Authentication and the translation is 18% complete.

Other languages:
Deutsch • ‎English • ‎español • ‎français • ‎Bahasa Indonesia • ‎Nederlands
Joomla! 
≥ 3.2
Zwei-Faktor-Authentifizierung

Joomla! war das erste große CMS, welches die Zwei-Faktor-Authentifizierung implementiert hat. Diese Funktion erzeugt einen einmalig nutzbaren Code auf Deinem Smartphone oder mittels einem Yubikey, um die bereits bestehenden Passwörter Deiner Webseite noch sicherer gegen Hacker zu machen.

Normalerweise, wenn Du Dich an Deiner Webseite anmelden möchtest, gibst Du Deinen Benutzernamen und Dein Passwort ein, um Dich im System zu identifizieren. Das größte Problem bei diesem Ansatz ist, dass Dein Benutzername und Dein Passwort gestohlen oder erraten werden kann. Zum Beispiel, wenn Dein Computer mit Malware verseucht ist oder Du auf Deine Website von einem nicht vertrauenswürdigen Netzwerk zugreifst (z.B. öffentliche WLAN-Hotspots) ist es möglich, dass jemand Deinen Benutzernamen und Dein Passwort abfangen könnte. Das bedeutet, Fremde könnten sich mit Deinen Zugangsdaten anmelden. Weil Dein Benutzername und Dein Passwort kompromittiert ist, kann Deine Webseite jetzt gehackt werden.

Um das zu verhindern, enthält Joomla! 3.2.0 und spätere Versionen eine eingebautes Zwei-Faktor-Authentifizierung-System, welches Dein Webseiten-Login mit einem unabhängigen und einmalig nutzbaren Code schützt. Dies wird als Zwei-Faktor-Authentifizierung bezeichnet oder kurz 2FA.

Aktiviere die Zwei-Faktor-Authentifizierung

The very first time you’re installing Joomla! 3.2 or higher, and access your backend, you’ll see a notice about post-installation messages.

Joomla-two-factor-authentication-post-installation-en.png

Click on the Review Messages button, you’ll see a screen which indicates that Two-Factor Authentication is Available. Click on the Enable Two-Factor Authentication button.

Joomla-two-factor-authentication-enable-en.png

To set up the Two-Factor Authentication, go to the User Manager, edit a User and go to the Two-Factor Authentication Tab:

Joomla-two-factor-authentication-tab-en.png

If the Two-Factor Authentication Tab does not appear, it is possible that the associated plugin is not enabled. In that case go to the Plugin Manager and find the Two Factor plugins. There are normally two - one for Google Authenticator and the other for Yubikey. Enable those that you intend to use. Then return to the User Manager and try again.

Authentication Methods

Google Authenticator

Google Authenticator is an application for smartphones and desktops created by Google which allows you to generate a six digit security password which changes every 30 seconds. In order to log in to your site, you’ll need to use your username, your password and the six digit security code which changes every thirty seconds.

You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in Two-Factor Authentication – Google Authenticator.

This provides extra protection against hackers trying to log in to your account. Even if they were able to get hold of your credentials they have a maximum 30s to hack your site. This is usually not practical for hackers. In this way, the Two-Factor Authentication prevents your site against unauthorized access.

Setting up the Two-Factor Authentication with Google Authenticator is actually really easy.

Step 1 – Get Google Authenticator

Download and Install Google Authenticator on your smartphone or desktop.

Joomla-Google-Authenticator-download-en.png

Step 2 - Set up

You can see a QR Code to scan with a mobile phone with the application of Google Authenticator installed.

Joomla-Google-Authenticator-setup-en.png

Step 3 - Activate Two-Factor Authentication

Go to the Activate Two-Factor Authenticator field and enter the six digit security code you can see on the screen of your smartphone device. Then click on Save & Close.

Joomla-Google-Authenticator-activate-en.png

Now, your site access is protected by Two-Factor Authentication. Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can see on your Google Authenticator screen.

Joomla-Google-Authenticator-login-en.png

If you don’t enter the secret code or a random one, you won’t be able to login. This is what will happen to a hacker who tries to access your backend, since they don’t have the correct secret key.


Yubikey

This feature allows you to use a Yubikey secure hardware token for Two-Factor Authentication. In addition to your username and password you will also need to insert your Yubikey into your computer's USB port, click inside the Secret Key area of the site's login area and touch Yubikey's gold disk. If you have an NFC-equipped Android smartphone you can just approach a compatible Yubikey token (Yubikey Neo) to the NFC reader to copy the secret code to the device's clipboard. The secret code generated by your Yubikey is unique to your device and changes constantly. This provides extra protection against hackers logging in to your account even if they were able to get hold of your password.

You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in Two-Factor Authentication – Yubikey.

Joomla-two-factor-authentication-Yubikey-en.png

See Also

Contributor

  • Nicholas Dionysopoulos