How to enable two-step authentication in Joomla

Two-step authentication is a safety feature that adds an extra layer of security on your Joomla site. Two factor authentication (2FA) is widely used in most of the popular online services. Here is how to enable 2-step authentication in your Joomla site.
First login to your Joomla administrator area. Go to Users > User Manager. It will show a link to your profile with name, username, email address etc. You need to edit your profile to enable two step verification. So, click on your name to open the profile editing page.

Navigate to the Two Factor Authentication tab.

There are two methods for using the two-step authentication. One is powered by Google Authenticator and another method provided by YubiKey.


We will explore both of them one by one. Let's start with the Google Authenticator (GA) method.

Enabling Google Authenticator

To use this method, select Google Authenticator from the drop-down menu. It will bring the initial setup page.


Step 1: Get the Authenticator App

Get the official Google Authenticator app in order to activate and use the service in your Joomla site. There are some unofficial apps as well that can be used with Google Authenticator.

Step 2: Setup the Feature

Run the Google Authenticator app on your device. It will show two options to add the site to GA. You can either scan the barcode or enter the provided key on the setup page of your site.

Step 3: Activate GA


This step checks whether your device is compatible with the Google Authenticator app. Open the app after linking the site with the service using the QR code or the key. It will display a security code for your newly added site. Enter that code into your site's specific field and press the Save button.
Note, the Google Authenticator app generates new codes in every 30 seconds. A code directly provided by the app is usable within 30 seconds after it is created.

Enabling Yubikey Authenticator

Yubikey is a physical two-factor verification tool. If you have this option enabled, you will need to insert the key token into the USB port of your computer. In login area, type your username-password and click inside the security key field. Then press the Yubikey golden disk- you will be signed in.
To enable Yubikey, select it from the drop-down menu.

Now insert the Yubikey tool inside your computer's USB port. Click inside the security code field and touch the golden disk for one second. Save the profile settings.

The Yubikey authenticator will be enabled for your site.

After enabling a two-step authentication method, you will get 10 backup codes (on the edit profile page) that can be used in case you ever lose access to the two-factor authenticator device. Keep these codes in a safe place. Please remember, you won't be able to sign-in to your site if you don't have any valid security code. So, print the backup codes and preserve safely. You have been warned!

Best Joomla Hosting is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla Hosting from provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability