SecuritySmash Security: Two-Factor Authentication (Pro)

Add 2FA for Maximum Admin Security

Two-Factor Authentication (2FA) requires a second verification step beyond passwords, dramatically reducing the risk of unauthorized access even if passwords are compromised.

How 2FA Works

1. Admin enters username and password
2. System prompts for 6-digit code
3. Admin opens authenticator app (Google Authenticator, Authy, etc.)
4. App shows time-based code that changes every 30 seconds
5. Admin enters code to complete login

Enabling 2FA (Pro Feature)

1. Ensure you have an active Pro license
2. Go to Extensions > Extensions > Modules
3. Edit "Smash Security + Admin Protection"
4. Navigate to the 2FA (Pro) tab
5. Enable "Two-Factor Authentication"

Configuration Options

Enable 2FA

Turn on 2FA functionality for your store.

Enforce for All Users

When enabled, ALL admin users must set up 2FA on their next login. They cannot access admin without it.

Recommended: Enable this for maximum security.

Setting Up 2FA (User Steps)

1. Log into admin panel
2. You'll be prompted to set up 2FA
3. Install an authenticator app on your phone:
   • Google Authenticator (iOS/Android)
   • Authy (iOS/Android/Desktop)
   • Microsoft Authenticator
4. Scan the QR code shown on screen
5. Enter the 6-digit code from the app to confirm
6. Save backup codes in a secure location

Backup Codes

During setup, you'll receive backup codes. These are one-time codes you can use if you lose access to your authenticator app.

Important:

• Save backup codes in a secure location (password manager, safe)
• Each code can only be used once
• If you run out, contact your store administrator

Recovery Options

If an admin loses their 2FA device:

1. Use a backup code
2. Another admin with database access can reset their 2FA
3. Contact support for assistance

Best Practices

• Enforce 2FA for all admin users
• Use Authy for backup across multiple devices
• Store backup codes separately from your authenticator
• Combine with IP whitelisting for maximum security