HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux ip-172-31-42-149 5.15.0-1084-aws #91~20.04.1-Ubuntu SMP Fri May 2 07:00:04 UTC 2025 aarch64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/vhost/disk-apps/magento.bikenow.co/vendor/magento/module-two-factor-auth/
Upload Files
File: /var/www/vhost/disk-apps/magento.bikenow.co/vendor/magento/module-two-factor-auth/README.md
MSP TwoFactorAuth

Two Factor Authentication module for maximum **backend access protection** in Magento 2.

> Member of **MSP Security Suite**
>
> See: https://github.com/magespecialist/m2-MSP_Security_Suite

Did you lock yourself out from Magento backend? <a href="https://github.com/magespecialist/m2-Magento_TwoFactorAuth#emergency-commandline-disable">click here.</a>

## Main features:

* Providers:
    * Google authenticator
        * QR code enroll
    * Authy
        * SMS
        * Call
        * Token
        * One touch
    * U2F keys (Yubico and others)
    * Duo Security
        * SMS
        * Push notification
* Central security suite events logging
* Per user configuration
* Forced global 2FA configuration

## Installing on Magento2:

**1. Install using composer**

From command line: 

`composer require msp/twofactorauth`

**2. Enable and configure from your Magento backend config**

Enable from **Store > Config > SecuritySuite > Two Factor Authentication**.

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/config.png" />

**3. Enable two factor authentication for your user**

You can select among a set of different 2FA providers. **Multiple concurrent providers** are supported.

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/user_tfa.png" />

**4. Subscribe / Configure your 2FA provider(s):**

**4.1 Google Authenticator example**

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/google_qr.png" />

**4.2. Duo Security example**

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/duo_auth.png" />

**4.3. U2F key (Yubico and others) example**

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/u2f_auth.png" />

**4.4. Authy example**

<img src="https://raw.githubusercontent.com/magespecialist/m2-Magento_TwoFactorAuth/master/screenshots/authy_auth.png" />

## Emergency commandline disable:

If you messed up with two factor authentication you can disable it from command-line:

`php bin/magento msp:security:tfa:disable`

This will disable two factor auth globally.

## Emergency commandline reset:

If you need to manually reset one single user configuration (so you can restart configuration / subscription), type:
 
`php bin/magento msp:security:tfa:reset <username> <provider>`

e.g.:

`php bin/magento msp:security:tfa:reset admin google`

`php bin/magento msp:security:tfa:reset admin u2fkey`

`php bin/magento msp:security:tfa:reset admin authy`

## Emergency of emergency and your house is on fire, your dog is lost and your wife doesn't love you anymore:

**DO NOT ATTEMPT TO MODIFY ANY DB INFORMATION UNLESS YOU UNDERSTAND WHAT YOU ARE DOING**

Table `core_config_data`:
* `msp/twofactorauth/enabled`: Set to zero to disable 2fa globally
* `msp/twofactorauth/force_providers`: Delete this entry to remove forced providers option

Table `msp_tfa_user_config`:
* Delete one user row to reset user's 2FA preference and configuration
@ Telegram