One of the most exciting new features in the upcoming Joomla 3.2 is two-factor authentication. When this feature is enabled, besides your username you will be required to enter your password plus a time-based secret key (this key changes every 30 seconds), which is why it is called “two factor”. This feature enhances your website’s security because a single password is not considered secure enough nowadays.
So how do you get started with this feature?
First, let’s install Joomla 3.2 (at this moment it is in the alpha stage). The download link is:
After installing Joomla 3.2 alpha, go to the Joomla back-end login page, where you can see a new secret key field right below the username and password fields. At this moment, this new field will not do anything, so just leave it empty and log in with your username and password.
After logging in, go straight to the menu Users – Users Manager and click on your username to edit it. You will see a new tab named “Two Factor Authentication”, which is where we configure the secret key. It is disabled by default and needs to be selected before we can begin configuring it. This tab contains setup information which is very clear and easy to follow. I used my Android phone (with Google Authenticator installed) to scan the existing barcode, and done! The Google Authenticator app will show you a random key which changes after 30 seconds. You will need to enter that random key back to verify it. (Hint: if your random key cannot be verified, use Google Authenticator’s “time correction for codes” feature to sync your phone’s time with the server.)
Now you can log out and try to log in again to see how it actually works for you.
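Why the time-correction hint matters, shown as an added example (this is not Joomla's own code): a generic RFC 6238 time-based code generator and verifier using the 30-second step described above. The secret, the clock values and the acceptance window of one step either side are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds; the key changes every 30 seconds


def totp(secret_b32, unix_time, digits=6, step=STEP):
    """RFC 6238 time-based code (HMAC-SHA1) for a given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, server_time, window=1, step=STEP):
    """Return the step offset at which the code matches, or None.

    window=1 (an assumption) accepts the previous, current and next step.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step=step)
        if hmac.compare_digest(expected, code):  # constant-time compare
            return drift
    return None


# Constructed sample values: the RFC 6238 test secret and a fixed server clock.
SECRET = base64.b32encode(b"12345678901234567890").decode()
SERVER_NOW = 1111111109


def demo():
    """Codes from three phones: in sync, 40 s slow, and 120 s slow."""
    results = []
    for phone_lag in (0, 40, 120):
        code = totp(SECRET, SERVER_NOW - phone_lag)
        results.append(verify(SECRET, code, SERVER_NOW))
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

A phone that is 40 seconds slow still verifies one step back, while a phone that is two minutes slow is rejected even though the secret is correct, which is the situation the time-correction feature resolves.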