No two factor authentication (2FA) option available to customers to secure their account login

[n2diving-dgx]

M2.3 includes an optional 2FA extension to further secure back-end user logins and with M2.4 a fully integrated 2FA was made required for back-end login. However, front-end customer logins still do not natively offer a similar 2FA option. There appear to be no third party extension solutions available from trusted Adobe certified partners, although there are a couple of "freeware" extensions published by individuals.

The Magento customer account typically contains a significant amount of Personally Identifiable Information (PII) such as names, billing and shipping addresses, phone numbers, order history and possibly contains gender, birth date, tax ID, etc. that is visible and editable by the customer upon successful authentication solely by a single password. Customers can also optionally store payment card information associated with their Magento account via the Vault for Card Payments feature of the included Braintree Payments extension.

Securing logins with MFA/2FA has become a best practice widely recommended to consumers and is becoming a requirement across a variety of industries. Complete absence of an integrated multi-factor or two-factor authentication option for customers who wish to further secure their PII is a significant security oversight for the Magento 2 platform.

[m2-assistant]

Hi @n2diving-dgx. Thank you for your report.
To help us process this issue please make sure that you provided sufficient information.

Please, add a comment to assign the issue: @magento I am working on this

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.