Trader Information
Back to topOverview
Back to topAdmin Two-Factor Authentication (2FA) for Magento 2
Overview
This module enhances the security of the Magento 2 Admin Panel by adding Email-based One-Time Password (OTP) authentication for admin users.
When an administrator logs in with valid credentials, a one-time password is automatically sent to their registered email address. Access to the admin panel is granted only after successful OTP verification.
Key Features
- Email-based OTP authentication for admin login
- Automatic OTP delivery to registered admin email
- Resend OTP option if email is not received
- Configurable OTP expiration time
- Account lock after multiple failed attempts
- Manual unlock option for blocked accounts
- Enable or disable module from Admin configuration
Authentication Flow
- Admin enters valid username and password
- System generates and sends an OTP via email
- Admin enters OTP on verification screen
- On successful verification, admin gains access
OTP Validation Rules
- System displays remaining attempts after each incorrect OTP entry
(Example: “3 attempts remaining”, “2 attempts remaining”) - Maximum allowed attempts: 4
If Attempts Exceed Limit
- The admin account is automatically blocked
- Blocked users cannot log in until another administrator unlocks the account
Resend OTP Functionality
- Admin can click Resend OTP if the email is not received
- A new OTP is generated and sent
- Any previously generated OTP becomes invalid
Configuration
Navigation Path:
Admin Panel → Stores → Configuration → Plugin Partner → Plugin Partner 2FA
SettingDescriptionEnable ExtensionEnable or disable the 2FA moduleOTP Expiry TimeTime (in minutes) before OTP becomes invalid
Account Unlock
If an admin account is blocked due to failed OTP attempts:
- Another administrator can manually unlock it from the admin panel
- Once unlocked, the user can log in again using OTP authentication
Security Notes
- OTPs are time-bound and expire automatically
- Multiple failed attempts trigger account blocking to prevent brute-force attacks
- Resent OTPs invalidate previous OTPs
Compatibility
- Magento Open Source
- Adobe Commerce
- Magento Version: 2.x
Support
For issues, enhancements, or configuration assistance, please contact the support team at support@pluginpartner.com
Technical Specifications
Back to topSeller profile
Seller contact
Current Version
1.0.0
Adobe Commerce platform compatibility
Adobe Commerce (cloud): 2.4 (current)
Adobe Commerce (on-prem): 2.4 (current)
Magento Open Source: 2.4 (current)
Type
Stable Build
Updated
02 March, 2026
Categories
Extensions, Site Optimization, Site Monitoring
Quality Report
Back to topAll tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.
Release Notes
Back to top1.0.0:
- Compatible with Adobe Commerce (cloud) : 2.4
- Compatible with Adobe Commerce (on-prem) : 2.4
- Compatible with Magento Open Source : 2.4
- Stability: Stable Build
-
Description:
-------------------------------- Version 1.0.0 --------------------------------------
+ Added enable/disable feature for enable extension
+ Added time in minutes configuration to expire the otp
Support
Back to topThe best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.
Contact Vendor