Magento have recently implemented Two-Factor Authentication (2FA) for Magento.com accounts after the shift towards working remotely caused an increase in hacking threats.
Magento have always been efficient in their application of security, and they are now supporting the use of 2FA to protect digital storefronts against attacks that target the account login. According to Magento, using 2FA will better protect their merchants from malicious users attempting to perform unauthorized logins in three different areas: Magento.com accounts, Cloud Admin, and the Magento Admin.
2FA FOR MAGENTO.COM ACCOUNTS – When logging in to Magento.com services, you will be able to use Two-Factor Authentication. To enable it, log in to My Account and navigate to Two-Factor Authentication under the Account Settings menu.
2FA FOR CLOUD ADMIN VIA SSH – 2FA will also be available for Magento Commerce hosted in the cloud using SSH to prevent unauthorized users from accessing the servers. This will be released in the Magento Commerce 2.4 update but must be turned on. When 2FA is enforced, normal SSH key access to a project will no longer function for that user. Instead, a certifier must be used. The certifier is a remote component that allows a user to exchange an access token (the same type of token used in the Project UI, the CLI, etc.). The tokens are short-lived SSH certificates that replace the common public/private key exchange.
2FA FOR MAGENTO ADMIN – Adobe security operations found that malicious users were accessing compromised admin accounts to load card skimmers on the site. 2FA has been applied to Magento Admin to help reduce these kinds of attacks by providing an extra layer of authentication. In the release of Magento Commerce 2.4, 2FA will be enabled by default for the Magento Admin and cannot be disabled.