Roasted 2FA (Two Factor Authentication) for Admin - RoastedBytes.com

2021-01-23T13:22:26.4984033Z
Free
Supported versions: 3.90
Created: December 14, 2015
Last updated: August 07, 2017
Description

Roasted 2FA (Two Factor Authentication) is a security plugin that hardens your NopCommerce administration panel. It blocks access to the admin areas of your NopCommerce store until the user supplies a one-time passcode in addition to the regular email/username and password.

Use the configuration page of the plugin to understand how to use the plugin. The passcode can be generated using an application like Google Authenticator or Authy. The main features of the plugin are as follows.

Features

  • Restricts access to the admin area by asking for a one-time passcode
  • Works with any third-party code generator application, such as Google Authenticator
  • Doesn't affect the regular customer flow: two-factor authentication is required for administration pages only
  • Avoids brute-force attacks on one-time passcodes by introducing fake processing delays

Why should I use this plugin?

While it's OK to use an email and password for authentication, a hacker may sometimes gain access to your credentials using a keylogger or similar tools. This plugin sets up two-factor authentication for each administrator of the NopCommerce website. That mechanism requires you to enter a one-time passcode that expires every 30 seconds. The beauty is that the passcode is unique for each customer. So even if a hacker gets your administrator email/username and password, he still has to get past a second barrier: a one-time passcode that is only generated in your mobile application.
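The two mechanisms described above, the 30-second passcode and the delay against passcode guessing, can be sketched as follows; this is an added example, not the plugin's own code. It assumes RFC 6238 TOTP with 6-digit HMAC-SHA1 codes, which is what Google Authenticator generates by default. The `AdminOtpGate` class and its doubling penalty are hypothetical, since the page does not say how the plugin implements its delays.

```python
import base64, hashlib, hmac, struct, time

STEP = 30    # seconds each passcode is valid, as the page states
DIGITS = 6   # assumption: the Google Authenticator default length

def totp(secret_b32, at):
    """RFC 6238 passcode (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class AdminOtpGate:
    """Hypothetical verifier: one secret per administrator, growing delay on failure."""

    def __init__(self, secrets, max_delay=60):
        self.secrets = secrets    # admin name -> base32 shared secret
        self.max_delay = max_delay
        self.failures = {}        # admin name -> (failure count, earliest next attempt)
        self.used_step = {}       # admin name -> newest time step already accepted

    def verify(self, admin, code, now=None):
        now = time.time() if now is None else now
        count, not_before = self.failures.get(admin, (0, 0))
        if now < not_before:
            return "delayed"      # penalty still running: the code is not even checked
        secret = self.secrets.get(admin)
        drifts = (-1, 0, 1) if secret else ()   # tolerate one step of clock skew
        for drift in drifts:
            step = int(now) // STEP + drift
            if step <= self.used_step.get(admin, -1):
                continue          # a passcode is accepted once only
            if hmac.compare_digest(totp(secret, step * STEP), str(code)):
                self.used_step[admin] = step
                self.failures.pop(admin, None)
                return "accepted"
        count += 1                # each miss doubles the wait, up to max_delay
        self.failures[admin] = (count, now + min(2 ** count, self.max_delay))
        return "rejected"

if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
    gate = AdminOtpGate({"admin@example.test": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"})
    for at, code in [(59, "000000"), (60, "287082"), (61, "287082"), (62, "287082")]:
        print(at, code, gate.verify("admin@example.test", code, now=at))
```

With a 6-digit code and a penalty that doubles on every miss, an attacker who already holds the password gets only a handful of guesses per minute, and a passcode captured by a keylogger is refused once its time step has been used.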

The plugin is available for FREE.