Two-Factor Authentication by Duo¶
- Getting started with Duo
- Managing in the admin panel
Two-factor authentication (2FA) strengthens access security by requiring two methods to verify your identity: by something you know (like a username and password) and something you have (like a smartphone or smartwatch).
It is the most effective way to protect your store against remote attacks such as phishing, credential exploitation and other attempts to take over your account.
Sign in to the store like you normally do by entering your username and password.
Then you’ll be suggested to select one of the methods for the second step of authentication.
Let’s select Push notification.
Slide to view the push notification.
Your login request has been approved.
Authorization is successful.
You may want to watch a video explaining how the two-factor authentication protects your account.
The add-on is compatible with CS-Cart and Multi-Vendor 4.3.1 and above.
Don’t know what archive to download to install the add-on? Read here.
The PHP version should be at least 5.4.0.
You will need to download an authentication app to start using Duo Authorization.
Duo Mobile works with Apple iOS, Google Android, BlackBerry, Palm, Windows Phone 7, Windows Mobile 8.1 and 10, and J2ME/Symbian.
For more details, read here.
Install the “Two-Factor Authentication by Duo” add-on on the add-ons list page (“Add-ons” → ”Manage add-ons”). Click the + button in the top right corner, select an archive and click Upload & Install. You can now find the installed add-on in the list of installed add-ons, just make sure it is set to Active.
In the settings of the “Two-Factor Authentication by Duo” add-on, enter the details of your Duo account (see the Getting integration key, secret key, and API hostname section):
After that enable two-factor authentication under Settings - Security settings:
To set up authenticator for the administrator:
- Select the necessary admin under Customers > Administrators.
- Open its detailed page and switch to the Two-factor authentication tab. Click Enroll.
- You will be taken to the Duo website to set up your account. Click Start setup and complete all the steps.
At the end of the setup process, you should get this notice:
- Go back to the admin profile and click check status.
- Test your integration by using one of the following methods: code from Duo mobile, push notification, or phone call.
- Сlick Save the changes.