The Two Factor Authentication add-on strengthens the security of your X-Cart store's user accounts by integrating your store with Authy (Authy.com). The result is a two-factor authentication system that can be enabled for any type of X-Cart user account (admin / customer / vendor).
With the add-on enabled, a user trying to log in must confirm their identity by providing a one-time code sent to their phone via SMS, in addition to the regular username and password. The SMS code is generated and sent by the Authy service. This method of user authentication is very secure: even if the Authy server is compromised, the hacker will not have the usernames and passwords needed for account access, as these sensitive details are NOT stored on the Authy end.
To start using the add-on, make sure it is installed and enabled.
Using the add-on requires that you have an account with Authy. You can get one here.
After the add-on has been enabled, proceed to the add-on settings page to configure it.
You will need to adjust the following parameters:
API key: Specify the API key from your Authy.com account. If you do not have an account yet, follow the steps below to create an Authy API Key:
1. Create a Twilio account here.
2. Create an Authy application in the Twilio Console.
3. Once you have created a new Authy application, copy the API Key for Production available in the Settings page of your Authy application. See the image below for reference:
Production mode: Enable this setting if you do not need to test the integration and are ready to use the add-on in production mode.
Use two-factor authentication for the customer interface: Enable this setting if you need the two-factor authentication option to be available to customer accounts.
Use two-factor authentication for the administrator interface: Enable this setting if you need the two-factor authentication option to be available to admin and vendor accounts.
Once configured, the add-on extends the regular user profile field set with the fields Country phone code and Phone number.
The values for these fields need to be specified by the user at the time of account creation.
Alternatively, the values can be specified by the store admin in the respective user profile (Users -> User list -> User profile). The store admin can also enable the option Require to change password on next log in for a user profile, so that the user is forced to renew their account password and specify the phone number needed to enable two-factor authentication for their account.