With TYPO3 v11 an optional "Multi-Factor Authentication"(MFA) has been added to increase account security. TYPO3 supports among others the so called "Time-based one-time password" method, which is very easy to use. You install an OTP (One Time Password) app (e.g. Google Authenticator) on a second device (e.g. smartphone) and initialize the TYPO3 user accordingly (see instructions below).
The login process will look like this:
The user enters his access data (username/password) in the backend mask.
If the access data is correct, TYPO3 requests the 2nd factor (a time-based one-time password).
The app on the smartphone generates such a password every 30 seconds
The code generated by the app must be entered promptly
If the validation is successful, the user gets into the backend
Instructions for setting up 2-factor authentication
This article describes the procedure to enable Multi-Factor Authenticator (MFA/2FA) in TYPO3.
Step by step guide
Open the User Settings by first clicking on your profile in the upper right corner.
In the next step, click on Account Security.
Now open the settings for 2FA by clicking on "Setup multi-factor authentication".
Click on "Time-based one-time password" to reach your destination.
Now install, if you have not already done so, an authentication app from your respective store (smartphone). For example, Google Authenticator Android Play Store or IOS App Store. Once you have done this, you can use the app to scan the QR code or enter the shared secret.
After you have scanned the QR code or entered the copied code (shared Secret), you should end up in a similar view (this may vary if you are using a different app, of course). You then enter this code in "Enter the generated six-digit code" (next step).
(Optionally, you can still assign a name here) Once you have entered the code, click "Save" and you should be done with the setup accordingly. Please note that these codes are generated in an interval of, for example, 30seconds and are accordingly not valid for long.
(Recommended) In order to still have access to the TYPO3 account in case of loss of the smartphone (or similar), you can now set up backup codes . To do this, simply click on "+ Setup".
(Recommended) Here you write down the 8 generated codes in a safe place. Optionally, you can enter a name again. Once you press save, the codes will be stored and ready to use. Important: As long as the codes have not been saved, 8 new codes will be generated when the page is reloaded.
Now both the recovery codes and the authentication app are set up and you can test the login with 2FA.
As soon as you log in to the TYPO3 backend, you will be asked to enter the 6-digit code. This completes the setup successfully.