Businesses have been forced to shift their operations away from the office, and employees are now working from home. This means that the tight security of the office environment has been weakened, as employees use various devices over personal networks that are not as secure as office networks. Hacking threats have also increased by 20%, and the most basic attack is seen at the account login page. It is a known fact that 81% of hacking-related breaches are due to stolen or weak passwords.
With this in mind, Magento has implemented a number of security tools to help merchants respond better to these threats. Some of these are Magento Security Scan, Google reCAPTCHA, Content Security Policy and many other security updates. Magento will also support Two-Factor Authentication (2FA), which will protect your digital storefront against attacks that target the account login. It will protect your account from unauthorized logins in three different areas: Magento.com accounts, Cloud Admin and Magento Admin.
Magento.com Accounts: 2FA can be activated for logging into services that are accessed using the Magento.com credentials. These include My Account, Magento Forums, Magento Help Center, Magento Marketplace, Magento U and Cloud Admin. You can go to the Account Settings menu to enable it.
Cloud Admin via SSH: 2FA will also be available for SSH access to Magento Commerce hosted in the cloud, to prevent unauthorized users from accessing the servers. This setting is not enabled by default for a project and must be turned on.
Magento Admin: About 75% of the attacks were due to malicious users accessing a compromised admin account. 2FA provides an extra layer of authentication and makes the admin portal more secure for merchants. It reduces skimming attacks and in turn decreases the operational costs associated with security incidents.