nopCommerce Two-Factor Authentication (2FA) – OTP over SMS

nopCommerce Two-Factor Authentication (2FA) plugin adds an extra layer of authentication, making your nopCommerce stores more secure. Two-factor authentication, or 2FA, is another name for this sort of MFA, which improves the security of your nopCommerce websites. To protect sensitive data, you must verify that the users attempting to access it are who they say they are. With 2FA, it is possible to protect user passwords and accounts against security threats such as phishing, brute-force attacks, credential exploitation, and others. Role-based 2FA, Domain-based 2FA, IP whitelisting, Customizable KBA questions, Reset 2FA method, Customizable Email and SMS template, Configure Your Own SMS and Email Gateway, and other features are available through the nopCommerce Two Factor Authentication (TFA) plugin. Follow the step-by-step guide to configure nopCommerce 2FA using OTP over SMS.

1. Download & Installation

• Download the nopCommerce Two-Factor Authentication (2FA) plugin.
• Extract the zip file, you can find the plugin install files for different nopCommerce versions.
• To install the plugin, login as admin into your nopCommerce site or store. In the admin dashboard, navigate to Configuration Tab >> Local plugins.
• On the top right corner of the page select the Upload plugin or theme button. Upload the 2FA plugin install file compatible with your nopCommerce site from the extracted plugin folder. Follow the instructions further to install the plugin.

2. Configure OTP over SMS

• Enable two-factor authentication for users as indicated in the image below. All users will have 2FA enabled except the administrator.
• To enable 2FA for administrators, toggle the 2FA for Admins.

• In the SMS tab, click on Configure.

• NOTE: Please register with miniOrange before configuring 2FA with any one of the SMS methods.
• To set up nopCommerce two-factor authentication with OTP over SMS, click on Configure.

• Type in the phone number along with the appropriate country code where you want the OTP sent and click on Get OTP.

• Enter the OTP received over SMS and click on Verify OTP.

• The Configured tag shows that OTP over SMS has been successfully configured.
• Enable the toggle to activate OTP over SMS method for your nopCommerce store.

3. Test OTP over SMS on nopCommerce Login

• Login into your nopCommerce store.

• Click on Next to proceed.

• Click on Setup to configure OTP over SMS for nopCommerce.

• Enter the phone number along with the appropriate country code where you want the OTP sent and click on Get OTP.

• Enter the OTP received over SMS and click on Verify OTP.

• Enter the OTP to confirm your identity.

• You have successfully used two-factor authentication (2FA) to log into your nopCommerce store.

Additional Resources

• Two Factor Authentication (2FA) for ASP.NET
• Two Factor Authentication (2FA) for nopCommerce
• Two Factor Authentication (2FA) for Umbraco