Difference between revisions of "Two Factor Authentication"
From Joomla! Documentation
(images marked for translation) |
(Marked this version for translation) |
||
| (27 intermediate revisions by 6 users not shown) | |||
| Line 3: | Line 3: | ||
{{-}} | {{-}} | ||
{{Top portal heading|color=white-bkgd|icon=lock|icon-color=#5091cd|size=3x|text-color=#333|title=<translate><!--T:1--> | {{Top portal heading|color=white-bkgd|icon=lock|icon-color=#5091cd|size=3x|text-color=#333|title=<translate><!--T:1--> | ||
| − | Two Factor Authentication</translate>}}</noinclude> | + | Two-Factor Authentication</translate>}}</noinclude> |
<translate><!--T:2--> | <translate><!--T:2--> | ||
| − | Joomla! was the first major CMS to implement | + | Joomla! was the first major CMS to implement Two-Factor Authentication. This adds a single-use code received on your smartphone or a Yubikey to your existing passwords to make your site extra hacker-proof.</translate> |
| − | <div class=" | + | <div class="row"> |
| + | <div class="large-6 large-centered columns"> | ||
| + | <div class="video-container"> | ||
{{#widget:YouTube|id=NbG6eehASW8}} | {{#widget:YouTube|id=NbG6eehASW8}} | ||
| + | </div> | ||
| + | </div> | ||
</div> | </div> | ||
| Line 14: | Line 18: | ||
Traditionally, when you want to log in to a website, you have to provide your username and your password in order to identify yourself to the system.</translate> | Traditionally, when you want to log in to a website, you have to provide your username and your password in order to identify yourself to the system.</translate> | ||
<translate><!--T:4--> | <translate><!--T:4--> | ||
| − | The biggest problem with this approach is | + | The biggest problem with this approach is your username and password can be stolen or guessed. For example, if your computer is infested with malware or you try to access your site from an untrusted network, such as a public WiFi hotspot, it is possible someone could intercept your username and password. This means they can log into your site as you. Because your username and password is compromised, your site can now be hacked.</translate> |
| − | For example, if your computer is infested with malware or | ||
<translate><!--T:5--> | <translate><!--T:5--> | ||
| − | In order to prevent that, Joomla! 3.2.0 and later versions | + | In order to prevent that, Joomla! 3.2.0 and later versions, come with a built-in Two-Factor Authentication system that secures your site login with a secondary, single use secret code. This is called [[wp:Two-factor authentication|Two-Factor Authentication]] or shortened to 2FA. </translate> |
<translate> | <translate> | ||
| − | ==Enable Two Factor Authentication== <!--T:6--> | + | ==Enable Two-Factor Authentication== <!--T:6--> |
</translate> | </translate> | ||
<translate><!--T:7--> | <translate><!--T:7--> | ||
The very first time you’re installing Joomla! 3.2 or higher, and access your backend, you’ll see a notice about post-installation messages.</translate> | The very first time you’re installing Joomla! 3.2 or higher, and access your backend, you’ll see a notice about post-installation messages.</translate> | ||
| − | [[Image:Joomla-two-factor-authentication-post-installation-<translate>en</translate>.png]] | + | [[Image:Joomla-two-factor-authentication-post-installation-<translate><!--T:29--> |
| + | en</translate>.png]] | ||
<translate><!--T:8--> | <translate><!--T:8--> | ||
| − | Click on the ''Review Messages'' button, you’ll see a screen which indicates that Two Factor Authentication is Available.</translate> | + | Click on the ''Review Messages'' button, you’ll see a screen which indicates that Two-Factor Authentication is Available.</translate> |
<translate><!--T:9--> | <translate><!--T:9--> | ||
| − | Click on the ''Enable | + | Click on the ''Enable Two-Factor Authentication'' button.</translate> |
| − | [[Image:Joomla-two-factor-authentication-enable-<translate>en</translate>.png]] | + | [[Image:Joomla-two-factor-authentication-enable-<translate><!--T:30--> |
| + | en</translate>.png]] | ||
<translate><!--T:10--> | <translate><!--T:10--> | ||
| − | To set up the Two Factor Authentication, go to the User Manager, edit a User and go to the Two Factor Authentication Tab:</translate> | + | To set up the Two-Factor Authentication, go to the User Manager, edit a User and go to the Two-Factor Authentication Tab:</translate> |
| − | [[Image:Joomla-two-factor-authentication-tab-<translate>en</translate>.png]] | + | [[Image:Joomla-two-factor-authentication-tab-<translate><!--T:31--> |
| + | en</translate>.png]] | ||
| − | Two | + | <translate> |
| + | <!--T:38--> | ||
| + | If the Two-Factor Authentication Tab does not appear, it is possible that the associated plugin is not enabled. In that case go to the Plugin Manager and find the Two Factor plugins. There are normally two - one for Google Authenticator and the other for Yubikey. Enable those that you intend to use. Then return to the User Manager and try again. | ||
| − | + | ==Authentication Methods== <!--T:11--> | |
| − | == | + | ===Google Authenticator=== |
</translate> | </translate> | ||
<translate><!--T:12--> | <translate><!--T:12--> | ||
| Line 49: | Line 57: | ||
<translate><!--T:13--> | <translate><!--T:13--> | ||
| − | You can enable Two Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in ''Two Factor Authentication – Google Authenticator''.</translate> | + | You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in ''Two-Factor Authentication – Google Authenticator''.</translate> |
<translate><!--T:14--> | <translate><!--T:14--> | ||
| − | This provides extra protection against hackers trying to log in to your account. Even if they were able to get hold of your credentials they have a maximum 30s to hack | + | This provides extra protection against hackers trying to log in to your account. Even if they were able to get hold of your credentials they have a maximum 30s to hack your site. This is usually not practical for hackers. In this way, the Two-Factor Authentication prevents your site against unauthorized access.</translate> |
<translate><!--T:15--> | <translate><!--T:15--> | ||
| − | Setting up the | + | Setting up the Two-Factor Authentication with Google Authenticator is actually really easy.</translate> |
<translate> | <translate> | ||
| Line 63: | Line 71: | ||
Download and Install Google Authenticator on your smartphone or desktop.</translate> | Download and Install Google Authenticator on your smartphone or desktop.</translate> | ||
| − | [[Image:Joomla-Google-Authenticator-download-<translate>en</translate>.png]] | + | [[Image:Joomla-Google-Authenticator-download-<translate><!--T:32--> |
| + | en</translate>.png]] | ||
<translate> | <translate> | ||
| Line 69: | Line 78: | ||
</translate> | </translate> | ||
<translate><!--T:19--> | <translate><!--T:19--> | ||
| − | You can see a QR Code to scan with a mobile phone with the application of | + | You can see a QR Code to scan with a mobile phone with the application of Google Authenticator installed.</translate> |
| − | [[Image:Joomla-Google-Authenticator-setup-<translate>en</translate>.png]] | + | [[Image:Joomla-Google-Authenticator-setup-<translate><!--T:33--> |
| + | en</translate>.png]] | ||
<translate> | <translate> | ||
| − | ====Step 3 - Activate Two Factor Authentication==== <!--T:20--> | + | ====Step 3 - Activate Two-Factor Authentication==== <!--T:20--> |
</translate> | </translate> | ||
<translate><!--T:21--> | <translate><!--T:21--> | ||
| − | Go to the Activate Two Factor Authenticator field and enter the six digit security code you can see on the screen of your smartphone device. Then click on ''Save & Close''.</translate> | + | Go to the Activate Two-Factor Authenticator field and enter the six digit security code you can see on the screen of your smartphone device. Then click on ''Save & Close''.</translate> |
| − | [[Image:Joomla-Google-Authenticator-activate-<translate>en</translate>.png]] | + | [[Image:Joomla-Google-Authenticator-activate-<translate><!--T:34--> |
| + | en</translate>.png]] | ||
<translate><!--T:22--> | <translate><!--T:22--> | ||
| − | Now, your site access is protected by Two Factor Authentication. | + | Now, your site access is protected by Two-Factor Authentication. Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can see on your Google Authenticator screen.</translate> |
| − | Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can see on your Google Authenticator screen.</translate> | ||
| − | [[Image:Joomla-Google-Authenticator-login-<translate>en</translate>.png]] | + | [[Image:Joomla-Google-Authenticator-login-<translate><!--T:35--> |
| + | en</translate>.png]] | ||
<translate><!--T:23--> | <translate><!--T:23--> | ||
| Line 91: | Line 102: | ||
<translate> | <translate> | ||
| − | ==Yubikey== <!--T:24--> | + | |
| + | ===Yubikey=== <!--T:24--> | ||
</translate> | </translate> | ||
<translate><!--T:25--> | <translate><!--T:25--> | ||
| − | This feature allows you to use a Yubikey secure hardware token for | + | This feature allows you to use a Yubikey secure hardware token for Two-Factor Authentication. In addition to your username and password you will also need to insert your Yubikey into your computer's USB port, click inside the Secret Key area of the site's login area and touch Yubikey's gold disk. If you have an NFC-equipped Android smartphone you can just approach a compatible Yubikey token (Yubikey Neo) to the NFC reader to copy the secret code to the device's clipboard. The secret code generated by your Yubikey is unique to your device and changes constantly. This provides extra protection against hackers logging in to your account even if they were able to get hold of your password.</translate> |
<translate><!--T:26--> | <translate><!--T:26--> | ||
| − | You can enable Two Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in ''Two Factor Authentication – Yubikey''.</translate> | + | You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in ''Two-Factor Authentication – Yubikey''.</translate> |
| − | [[Image:Joomla-two-factor-authentication-Yubikey-<translate>en</translate>.png]] | + | [[Image:Joomla-two-factor-authentication-Yubikey-<translate><!--T:36--> |
| + | en</translate>.png]] | ||
<translate> | <translate> | ||
| − | ===Contributor=== <!--T: | + | ==== See Also ==== <!--T:39--> |
| + | </translate> | ||
| + | <translate> | ||
| + | <!--T:40--> | ||
| + | *See also: [[S:MyLanguage/Backup_Basics_for_a_Joomla!_Web_Site|Backup Basics for a Joomla! Web Site]]</translate> | ||
| + | <translate> | ||
| + | ===Troubleshooting=== <!--T:27--> | ||
| + | If you are trying to save your two-factor settings and you see an error about invalid password or username, please refer to https://forum.joomla.org/viewtopic.php?f=708&t=981565. It is just necessary to remove the pre-populated password in your user profile form, and password not required unless you are changing it while editing your profile to set up the two-factor authentication. | ||
| + | </translate> | ||
| + | <translate> | ||
| + | ====Contributor==== <!--T:41--> | ||
</translate> | </translate> | ||
* Nicholas Dionysopoulos | * Nicholas Dionysopoulos | ||
| + | * Andrew Murray | ||
__NOTOC__ | __NOTOC__ | ||
<noinclude> | <noinclude> | ||
Latest revision as of 08:57, 7 April 2021
Joomla! was the first major CMS to implement Two-Factor Authentication. This adds a single-use code received on your smartphone or a Yubikey to your existing passwords to make your site extra hacker-proof.
Traditionally, when you want to log in to a website, you have to provide your username and your password in order to identify yourself to the system. The biggest problem with this approach is your username and password can be stolen or guessed. For example, if your computer is infested with malware or you try to access your site from an untrusted network, such as a public WiFi hotspot, it is possible someone could intercept your username and password. This means they can log into your site as you. Because your username and password is compromised, your site can now be hacked.
In order to prevent that, Joomla! 3.2.0 and later versions, come with a built-in Two-Factor Authentication system that secures your site login with a secondary, single use secret code. This is called Two-Factor Authentication or shortened to 2FA.
Enable Two-Factor Authentication[edit]
The very first time you’re installing Joomla! 3.2 or higher, and access your backend, you’ll see a notice about post-installation messages.
Click on the Review Messages button, you’ll see a screen which indicates that Two-Factor Authentication is Available. Click on the Enable Two-Factor Authentication button.
To set up the Two-Factor Authentication, go to the User Manager, edit a User and go to the Two-Factor Authentication Tab:
If the Two-Factor Authentication Tab does not appear, it is possible that the associated plugin is not enabled. In that case go to the Plugin Manager and find the Two Factor plugins. There are normally two - one for Google Authenticator and the other for Yubikey. Enable those that you intend to use. Then return to the User Manager and try again.
Authentication Methods[edit]
Google Authenticator[edit]
Google Authenticator is an application for smartphones and desktops created by Google which allows you to generate a six digit security password which changes every 30 seconds. In order to log in to your site, you’ll need to use your username, your password and the six digit security code which changes every thirty seconds.
You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in Two-Factor Authentication – Google Authenticator.
This provides extra protection against hackers trying to log in to your account. Even if they were able to get hold of your credentials they have a maximum 30s to hack your site. This is usually not practical for hackers. In this way, the Two-Factor Authentication prevents your site against unauthorized access.
Setting up the Two-Factor Authentication with Google Authenticator is actually really easy.
Step 1 – Get Google Authenticator[edit]
Download and Install Google Authenticator on your smartphone or desktop.
Step 2 - Set up[edit]
You can see a QR Code to scan with a mobile phone with the application of Google Authenticator installed.
Step 3 - Activate Two-Factor Authentication[edit]
Go to the Activate Two-Factor Authenticator field and enter the six digit security code you can see on the screen of your smartphone device. Then click on Save & Close.
Now, your site access is protected by Two-Factor Authentication. Log out from your backend, you’ll see that instead of asking for the username and password only, Joomla! is asking for a secret key. The Secret Key is the six digit password you can see on your Google Authenticator screen.
If you don’t enter the secret code or a random one, you won’t be able to login. This is what will happen to a hacker who tries to access your backend, since they don’t have the correct secret key.
Yubikey[edit]
This feature allows you to use a Yubikey secure hardware token for Two-Factor Authentication. In addition to your username and password you will also need to insert your Yubikey into your computer's USB port, click inside the Secret Key area of the site's login area and touch Yubikey's gold disk. If you have an NFC-equipped Android smartphone you can just approach a compatible Yubikey token (Yubikey Neo) to the NFC reader to copy the secret code to the device's clipboard. The secret code generated by your Yubikey is unique to your device and changes constantly. This provides extra protection against hackers logging in to your account even if they were able to get hold of your password.
You can enable Two-Factor Authentication for the Frontend, the Backend or for Both. This can be set up in the plug-in Two-Factor Authentication – Yubikey.
See Also[edit]
- See also: Backup Basics for a Joomla! Web Site
Troubleshooting[edit]
If you are trying to save your two-factor settings and you see an error about invalid password or username, please refer to https://forum.joomla.org/viewtopic.php?f=708&t=981565. It is just necessary to remove the pre-populated password in your user profile form, and password not required unless you are changing it while editing your profile to set up the two-factor authentication.
Contributor[edit]
- Nicholas Dionysopoulos
- Andrew Murray