Back office 2FA : to secure admin logins

PrestaShop 2FA Module: Secure Your Back-Office and Stop Password Theft

+983 downloads 5 / 5 8.X 9.X 5 languages 🇵🇱 PL 🇪🇸 ES 🇮🇹 IT 🇬🇧 EN 🇫🇷 FR

Secure your PrestaShop back-office with Two-Factor Authentication (2FA). This module turns your admin area into a fortress against password theft.

  • TOTP Protection: Compatible with Google Authenticator, Authy, and Microsoft Authenticator.
  • Productivity: Remember trusted devices for 30 days.
  • Total Control: Enforce by profile (SuperAdmin), audit log, and 10 backup codes.
  • Reliability: 3 emergency recovery methods (CLI, SQL, Bypass).
Features

Everything you need, nothing you don't.

TOTP two-factor authentication with Google Authenticator, Authy or Microsoft.

TOTP double verification

A temporary 6-digit code in addition to the admin password.

QR code activation

Scan a QR code to link your authenticator app.

Works with all authenticator apps

Google Authenticator, Authy, Microsoft Authenticator and more.

Backup codes included

Generate backup codes in case of smartphone loss.

Per-employee management

Each employee configures their own 2FA independently.

Anti-phishing protection

Even with a stolen password, access stays blocked without the code.

Customer reviews

They use it every day.

5 out of 5 · 5 reviews

"Best module I've found for PrestaShop. Worth every penny."

TG Tom G.

"Lo uso en 3 tiendas sin ningún problema."

IT Isabel T.

"Soporte técnico rápido y eficaz. Gran trabajo!"

DS Diego S.

"Relación calidad/precio inmejorable."

PR Pablo R.
description Full description expand_more

Secure your PrestaShop Back-Office with Two-Factor Authentication (2FA)

Did you know that a password, no matter how complex, is no longer enough to guarantee the security of your online store? Faced with the rise of phishing and credential theft, access to your administration is the preferred target for hackers. Our Two-Factor Authentication (2FA) module transforms your back-office into a true fortress. By adding a verification layer via smartphone, you ensure that only authorized persons can access your sensitive data, even if a password is compromised.

Absolute Protection Against Intrusions

The security of your Turnover and the protection of your customer data are your priorities. This module uses TOTP (Time-based One-Time Password) technology, the security standard used by banks and web giants. By integrating this module, you strengthen the GDPR compliance of your PrestaShop store and establish a climate of total trust within your management team.

Key Features for Flawless Security

  • Universal Compatibility: Works instantly with the best apps on the market like Google Authenticator, Authy, Microsoft Authenticator, and 1Password.
  • Granular Profile Management: Force 2FA activation for critical accounts (e.g., SuperAdmin) while leaving flexibility for other profiles.
  • Configurable Grace Period: Give your employees a few days to get equipped before making double authentication mandatory, thus avoiding any operational blockage.
  • Anti-Brute-Force Shield: The module automatically locks access after several unsuccessful attempts, discouraging automated intrusion attempts.
  • Trusted Devices: Combine security and productivity by allowing the memorization of your usual browsers for 30 days.
  • Complete Audit Log: Keep an eye on your administration's activity with a detailed history of logins, failures, and security changes.

Why Choose This Solution for Your PrestaShop Store?

Unlike other complex solutions, our module was designed for demanding e-merchants who don't want to sacrifice their time. It offers a perfect balance between high security and ease of use.

  • Total Serenity: Sleep soundly knowing that your catalog, margins, and customer files are protected by a digital double lock.
  • Zero Risk of Blockage: With 10 single-use backup codes and 3 emergency recovery methods (CLI, SQL, Bypass), you always maintain control over your work tool.
  • Native Performance: Developed specifically for PrestaShop 8.x and 9.x, the module is lightweight, fast, and adheres to the strictest coding standards.

Simple, Fast, and Effective Installation

You don't need to be a cybersecurity expert to protect your business. Installation takes just a few clicks directly from your module manager. Once activated, the module guides your employees step-by-step through their mobile app configuration. In less than 5 minutes, your PrestaShop back-office benefits from professional-grade protection, ready to face modern web threats.

Comparaison

Why choose us?

See how we compare to the most common alternatives on the market.

Feature Addons
Transparent pricing
Lifetime updates included
Direct developer support
PS 1.7, 8 & 9 compatible
Standardized clean code
Multi-store ready
No hidden renewal fees
Included Not included Partial / Not guaranteed
Preview

Discover the module in images.

Back office 2FA : to secure admin logins

Back office 2FA : to secure admin logins

Support

FAQ

Find answers to frequently asked questions about this module

2FA adds a second verification step when logging into the administration area. Even if a password is stolen (phishing, leak, reuse), access remains blocked without the temporary code generated on the phone. In an e-commerce back-office, this is direct protection against takeover: price changes, order hijacking, IBAN changes, admin account creation, or customer data exports.

The module uses the TOTP (Time-based One-Time Password) standard: a short-lived code generated by an authentication app. It is generally more robust and easier to deploy than SMS (costs, deliverability) or email (compromised inbox). TOTP is also compatible with most apps on the market.

The module is compatible with the most common TOTP applications: Google Authenticator, Authy, Microsoft Authenticator, 1Password. This allows each team member to use their preferred app without imposing a proprietary tool.

Yes: the priority in e-commerce is to focus on critical accounts (SuperAdmin, profiles with access to payments, modules, exports). The module allows enforcing 2FA by profile to apply it where the risk is highest, while maintaining flexibility for less sensitive roles if needed.

The module includes a "trusted devices" logic with a 30-day memory. Specifically, on a regular workstation (office computer, known browser), code requests are limited, while maintaining a strong barrier as soon as a new device or suspicious context appears. It's a good compromise between security and productivity.

This is a frequent case, so continuity of access is essential. The module provides 10 backup codes (single-use) and several emergency recovery methods. The goal: to avoid a total lockout while maintaining a controlled process (e.g., recovery by an authorized person).

The module features 3 recovery methods: CLI, SQL, Bypass. In practice, this is used to regain control if an admin is locked out: either via a server action (CLI), a database operation (SQL), or a managed bypass mechanism, depending on the scenario.

Good 2FA protection should also limit repeated attempts (brute force) on the password. The product page mentions a lockout after several unsuccessful attempts, which significantly reduces automated attacks and complements 2FA (which occurs after password validation).

Yes: an audit log is mentioned, with a history of logins/failures and security-related events. This is useful for diagnosing an incident, verifying that suspicious access has been blocked, or simply tracking the adoption of 2FA by the team.
View full documentation →

Join +983 merchants using this module

5-minute installation · Full documentation included

inventory_2 Module 9.90 € 2.97 € one-time -70%
Choose your license
3 months of support for 0.99€ · then 1.99€/month
  • Response within 24 business hours
  • 🔧 Installation & configuration assistance
  • 💬 Direct contact with the developer
Total due today
--
Then -- €/year from --/--/----
download Instant download lock Secure payment
or
bolt Try Free · 24h NEW
No commitment · Cancel in 1 click from your account
Instead of --€/year if purchased separately
Demo FO Demo BO Documentation
demo@demo.com / demodemo