New Security Update

Install critical updates for Magento 1.x and Magento 2.x versions

Improved Security with reCAPTCHA and Two-Factor Authentication

July 18, 2018

Magento is making Google reCAPTCHA and Two-Factor Authentication (2FA) functionality available for Magento Open Source, Commerce, and Commerce (Cloud) v2.1 and v2.2. These features provide enhanced access security to protect your Magento instance by reducing unauthorized access and significantly reducing spam.

Google reCAPTCHA helps restrict access to the Magento Admin and store to humans only, not robots. It provides enhanced security over Magento CAPTCHA with additional benefits including Invisible reCAPTCHA.

Two-Factor Authentication adds support for software authentication apps and hardware authentication devices including Google Authenticator, Authy, U2F devices, and Duo Security. It provides additional security by requiring a second step to verify access through an entered code or push request.

More Information

See the Magento User Guide for more details. The guide explores the features and describes installation procedures:

  • Installing Google reCAPTCHA 2.1 and 2.2

  • Installing Two-Factor Authentication 2.1 and 2.2.

These features will be included in default installations and upgrades of the upcoming 2.3 release.

Magento Community Contribution

Magento thanks Riccardo Tempesta of MageSpecialist for contributing these features as part of the Magento Community Engineering program.

MageSpecialist is a Magento Professional Solution Partner and Magento 2 Trained Partner. It is a dynamic and result-oriented web agency and software house, dedicated to the development of robust, reliable and scalable e-commerce solutions based on Magento and other open-source software. The agency specializes in complex software integration, high-performance hosting, and the management of mission critical projects.