Magento Commerce, 2.2.x

Magento 2.2.x Notice: As outlined by the Magento Software Lifecycle Policy, Magento 2.2.x has reached the End-of-Support and will no longer receive quality fixes or documentation updates. To maintain your site's performance, security, and PCIPayment Card Industry: Refers to debit and credit cards and their associated businesses. compliance, upgrade to the latest version of Magento.

The online Magento 2.2.x User Guide is scheduled for removal, but will remain available in PDF for Open Source, Commerce, and Commerce for B2B.

Installing Two-Factor Authentication

The Magento AdminThe password-protected back office of your store where orders, catalog, content, and configurations are managed. provides all access to your store, orders, and customer data. To further increase security to your Magento instance, add Magento Two-Factor Authentication (2FA), v3.0.0. Installing and enabling this module adds two-step authentication for all users attempting to access the Admin for all devices. All features and requirements are restricted to Admin user accounts, not extended to customer accounts.

At this time, Two-Factor Authentication can be installed only from the command line.

Two-Factor Authentication gives you the ability to:

  • Enable authenticator support for the Admin.
  • Manage and configure authenticator settings globally or per user account.
  • Reset authenticators and manage trusted devices for users.
  • Magento Community Contribution

    Magento thanks Riccardo Tempesta of MageSpecialist for contributing these features as part of the Magento Community Engineering program.

    MageSpecialist is a Magento Professional Solution Partner and Magento 2 Trained Partner. It is a dynamic and result-oriented web agency and software house, dedicated to the development of robust, reliable and scalable e-commerce solutions based on Magento and other open-source software. The agency specializes in complex software integration, high-performance hosting, and the management of mission critical projects.

Supported Authenticators


Authentication Type

Google Authenticator

Generate and enter code from mobile app

Requirements: Enable in Admin


SMS, call, token, and one touch

Requirements: Enable and API keys

U2F keys

Physical device to authenticate, YubiKey and other models supported.

Requirements: Enable in Admin

Duo Security

SMS and push notification.

Requirements: Enable, Integration and Secret keys, API hostname