We’re happy to announce that we’ve brought two-factor authentication to Magento in partnership with Magento development agency Human Element. This new plugin, named Sentry, gives Magento retailers a solution for secure two-factor authentication. Two-factor authentication offers enormously enhanced security for Magento eCommerce stores.
Passwords alone have never been a great way to handle secure authentication, and in the modern computing era they can be a liability. Magento has very good password security capabilities, but this only goes so far. Magento passwords are already properly hashed and salted, but even that level of security depends on administrators having the security awareness to choose strong passwords in the first place and not to share those passwords.
Evidence has shown time and again that the average human has a tendency to choose poor and/or easily guessed passwords, and with the enormous number of password databases that have been stolen and cracked over the last few years, online criminals are getting ever better at targeted attacks that break simple password security. Breached accounts can cause huge headaches for retailers, including fraudulent orders and hijacked customer accounts.
Two-factor authentication is the solution. Two-factor authentication incorporates an extra layer of security that is used in addition to the usual username and password combination, and that is much harder for a malicious third party to guess.
The new Sentry plugin will allow Magento retailers to offer TFA that integrates with several of the most common two-factor authentication providers, including Google Authenticator and Duo Security.
Two-factor authentication providers offer mobile apps and purpose-built devices that provide Magento administrators with a one-time code that they are required to enter when logging in to an eCommerce store. A mobile device or TFA dongle proves that the administrator has possession of a specific object: “something they have” as a second factor in addition to the common “something they know” of passwords.
Two-factor authentication on Magento has the potential to significantly decrease the incidence of fraudulent logins and to provide proof to customers that a store takes their privacy seriously. It also doesn’t create significant friction when authenticating, which is of particular concern for eCommerce retail, where complex login procedures have been shown to reduce sales.
We’ll be integrating the Sentry plugin with our Magento hosting plans, making two-factor authentication available to Nexcess clients. It will also be available from MagentoConnect, and is available for download here.