{"id":13518736,"url":"https://github.com/markshust/magento2-module-disabletwofactorauth","last_synced_at":"2025-05-15T00:06:46.638Z","repository":{"id":46122233,"uuid":"286460801","full_name":"markshust/magento2-module-disabletwofactorauth","owner":"markshust","description":"The DisableTwoFactorAuth module provides the ability to disable two-factor authentication.","archived":false,"fork":false,"pushed_at":"2024-11-06T05:33:40.000Z","size":196,"stargazers_count":216,"open_issues_count":0,"forks_count":42,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-04-13T20:40:49.014Z","etag":null,"topics":["magento","magento2","magento2-module"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/markshust.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"markshust"}},"created_at":"2020-08-10T11:51:08.000Z","updated_at":"2025-04-11T12:45:55.000Z","dependencies_parsed_at":"2024-11-21T06:00:43.657Z","dependency_job_id":null,"html_url":"https://github.com/markshust/magento2-module-disabletwofactorauth","commit_stats":{"total_commits":20,"total_committers":6,"mean_commits":"3.3333333333333335","dds":"0.44999999999999996","last_synced_commit":"224c68d85479938f06ab2400148778575784871c"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markshust%2Fmagento2-module-disabletwofactorauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markshust%2Fmagento2-module-disabletwofactorauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markshust%2Fmagento2-module-disabletwofactorauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/markshust%2Fmagento2-module-disabletwofactorauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/markshust","download_url":"https://codeload.github.com/markshust/magento2-module-disabletwofactorauth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254249198,"owners_count":22039029,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["magento","magento2","magento2-module"],"created_at":"2024-08-01T05:01:48.338Z","updated_at":"2025-05-15T00:06:46.582Z","avatar_url":"https://github.com/markshust.png","language":"PHP","funding_links":["https://github.com/sponsors/markshust"],"categories":["PHP"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eMarkShust_DisableTwoFactorAuth\u003c/h1\u003e \n\n\u003cdiv align=\"center\"\u003e\n  \u003cp\u003eProvides the ability to disable two-factor authentication.\u003c/p\u003e\n  \u003cimg src=\"https://img.shields.io/badge/magento-2.4.0%E2%80%932.4.7+-brightgreen.svg?logo=magento\u0026longCache=true\u0026style=flat-square\" alt=\"Supported Magento Versions\" /\u003e\n  \u003ca href=\"https://packagist.org/packages/markshust/magento2-module-disabletwofactorauth\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/packagist/v/markshust/magento2-module-disabletwofactorauth.svg?style=flat-square\" alt=\"Latest Stable Version\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://packagist.org/packages/markshust/magento2-module-disabletwofactorauth\" target=\"_blank\"\u003e\u003cimg src=\"https://poser.pugx.org/markshust/magento2-module-disabletwofactorauth/downloads\" alt=\"Composer Downloads\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://GitHub.com/Naereen/StrapDown.js/graphs/commit-activity\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/maintained%3F-yes-brightgreen.svg?style=flat-square\" alt=\"Maintained - Yes\" /\u003e\u003c/a\u003e\n  \u003ca href=\"https://opensource.org/licenses/MIT\" target=\"_blank\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-MIT-blue.svg\" /\u003e\u003c/a\u003e\n\u003c/div\u003e\n\n## Table of contents\n\n- [Summary](#summary)\n- [Why](#why)\n- [Installation](#installation)\n- [Usage](#usage)\n- [Credits](#credits)\n- [License](#license)\n\n## Summary\n\nWith the release of Magento 2.4, two-factor authentication (also known as 2FA) became enabled by default, with no\nability to disable it in either the admin or console. However, there are situations which may require 2FA to be disabled\nor temporarily turned off, such as within development or testing environments.\n\nThis module automatically disables 2FA while in developer mode (since version 2.0.0), and adds the missing toggle to turn 2FA on or off from the admin for other environments. It does this by hooking into the core code in\na very seamless manner, just as would be done if this toggle existed in the core code. Installing this module should not\nopen any security holes, as it just works off of a simple config toggle which, if not present, falls back to the default\nfunctionality.\n\nYou can also toggle 2FA back on while in developer mode, if you need to test your code functionality while 2FA is enabled.\n \n![Demo](https://raw.githubusercontent.com/markshust/magento2-module-disabletwofactorauth/master/docs/demo-2021-11-10.png)\n\n## Why\n\nWhy should you use this module? I hear all of the time that you can just disable Magento's 2FA module. There is a large inherent issue with doing this though.\n\nWhen you disable a module, it updates the `app/etc/config.php` file with the removed module, which will eventually make its way upstream (accidentally committed to version control or unintendedly leaving your development environment). This will disable 2FA on staging/production, which is a big security concern. This module resolves this because you can keep it installed \u0026 enabled on dev/stage/prod, but control whether or not 2FA is enabled or disabled with configuration settings or environment variables. This means you can have it permanently disabled on dev, but have it permanently enabled in all other environments, all while keeping this module installed in all environments.\n\n## Installation\n\n```\ncomposer require --dev markshust/magento2-module-disabletwofactorauth\nbin/magento module:enable MarkShust_DisableTwoFactorAuth\nbin/magento setup:upgrade\n```\n\n## Usage\n\nThis module automatically disables 2FA in developer mode (since version 2.0.0). In any other deployment mode, 2FA is kept enabled by default. This is to prevent any unexpected side effects or security loopholes from\nbeing introduced during automated installation processes.\n\nIt is highly recommended to install this module as a dev dependency to avoid security warning reports from either Adobe Commerce or other production environments which run security checks. This can be done either by passing in the `--dev` flag when installing it with Composer, or by adding it to the `require-dev` property of your `composer.json` file.\n\n### Disable 2FA\n\nIt may still be desirable to disable 2FA in non-production environments, such as within testing or internal staging environments. For these cases, 2FA is not automatically disabled. However, there are toggles to override the default Magento settings to disable 2FA within these environments.\n\nYou can also bypass 2FA for API token generation. This can be useful for third-party vendors during module development.\n\n*NOTE: Always keep 2FA enabled within production environments for security purposes.*\n\n#### 2FA\n\nTo disable 2FA, visit **Admin \u003e Stores \u003e Settings \u003e Configuration \u003e Security \u003e 2FA** and set *Enable 2FA* to **No**.\n\nCLI: `bin/magento config:set twofactorauth/general/enable 0`\n\n#### 2FA for API Token Generation\n\nTo disable 2FA for API Token Generation, visit **Admin \u003e Stores \u003e Settings \u003e Configuration \u003e Security \u003e 2FA** and set *Enable 2FA for API Token Generation* to **No**.\n\nCLI: `bin/magento config:set twofactorauth/general/enable_for_api_token_generation 0`\n\n### Enable 2FA in developer mode\n\nThis module automatically disables 2FA while developer mode is enabled, but there may be situations when you need 2FA enabled during development. Rather than needing to disable this module, you can just disable this configuration setting in the admin.\n\nTo enable 2FA while in developer mode, visit **Admin \u003e Stores \u003e Settings \u003e Configuration \u003e Security \u003e 2FA** and set *Disable 2FA in Developer Mode* to **No**.\n\nCLI: `bin/magento config:set twofactorauth/general/disable_in_developer_mode 0`\n\n## Credits\n\n### M.academy\n\nThis module is sponsored by \u003ca href=\"https://m.academy/\" target=\"_blank\"\u003eM.academy\u003c/a\u003e, the simplest way to master Magento development.\n\n\u003ca href=\"https://m.academy/\" target=\"_blank\"\u003e\u003cimg src=\"docs/macademy-logo-200x60.png\" alt=\"M.academy\"\u003e\u003c/a\u003e\n\n### Mark Shust\n\nMy name is Mark Shust and I am a 6X Adobe Commerce Certified Developer and the founder of \u003ca href=\"https://m.academy\" target=\"_blank\"\u003eM.academy\u003c/a\u003e. Since the early days of Magento, I've been involved with many intricately complex eCommerce and open-source projects.\n\nMy passion is teaching and helping others learn Magento, and has created many courses and tutorials to help thousands of students from all over the world to learn and improve their Magento skills.\n\n- \u003ca href=\"https://m.academy/courses/\" target=\"_blank\"\u003e🖥️ Learn with Magento courses\u003c/a\u003e\n- \u003ca href=\"https://m.academy/articles/\" target=\"_blank\"\u003e📖 Read my technical articles\u003c/a\u003e\n- \u003ca href=\"https://www.linkedin.com/in/MarkShust/\" target=\"_blank\"\u003e🔗 Connect on LinkedIn\u003c/a\u003e\n- \u003ca href=\"https://youtube.com/markshust\" target=\"_blank\"\u003e🎥 Watch on YouTube\u003c/a\u003e\n- \u003ca href=\"https://twitter.com/MarkShust\" target=\"_blank\"\u003e🐦 Follow me on X\u003c/a\u003e\n- \u003ca href=\"https://m.academy/contact/\" target=\"_blank\"\u003e💌 Contact me\u003c/a\u003e\n\n## License\n\n[MIT](https://opensource.org/licenses/MIT)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkshust%2Fmagento2-module-disabletwofactorauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmarkshust%2Fmagento2-module-disabletwofactorauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmarkshust%2Fmagento2-module-disabletwofactorauth/lists"}