Secure admin area with Google Authenticator

Nowadays, a password is no longer sufficient for sensitive areas, because any password can be hacked, given sufficient criminal energy.

Security is provided by a so-called second factor.

In this case, this second factor is your mobile phone and the "Google Authenticator" app on it.
How does it work?

1. You log into the shop normally.
2. However, as soon as you click on the "Admin" button, you will be asked for a 6-digit code. Now you open the app on your mobile phone. It will display a code for 60 seconds. Now enter this code in the shop.

So anyone who wants to break into your shop not only has to know the admin password, but also be in possession of your mobile phone and be able to unlock it.

Broken mobile phone, what now?

Should you ever lose access to your mobile phone, any programmer to whom you give your FTP access data can switch off the 2-factor authentication via the database. This is a matter of a few minutes. For security reasons, this cannot be done "at the push of a button" by other admins, otherwise we would make it too easy for attackers.