Which TOTP applications are compatible?

The module respects the TOTP standard (RFC 6238). It works with: Google Authenticator, Microsoft Authenticator, Authy, 1Password, Bitwarden Authenticator, FreeOTP, and any standard TOTP app. No dependency on a third-party service.

What happens if an employee loses their phone?

On pairing, 10 single-use recovery codes are generated. One of them lets the employee log in and re-pair. If the employee has also lost their recovery codes, a Super Admin can reset their 2FA from their profile.

Can 2FA be made optional for some profiles?

Yes: 2FA can be enabled globally (mandatory for all) or per employee profile (Super Admin mandatory, but Logistics optional for example). Granular configuration from the module.

How is the secret protected?

The TOTP secret is encrypted with AES-256 in the database — even read-only access to your SQL doesn't allow regenerating codes. Each attempt is logged with rate-limiting to slow down brute-force attacks.

Multistore compatible?

Yes, fully. 2FA is configured per employee, and each employee can be active across multiple sub-stores with a single pairing.

Are there external dependencies?

No. Everything is local: no third-party service, no SMS, no Google or other service. The PrestaShop server generates and verifies the codes itself based only on the system clock and the shared secret.

What's needed for it to work on the server side?

Your PrestaShop server clock must be synchronised (NTP). A drift of more than 30 seconds between server and employee phones would cause invalid codes. All modern hosting has NTP by default, so this is only a point of attention for custom servers.

2FA Google Authenticator PrestaShop 8 — Back-office two-factor authentication

2FA Google Authenticator for PrestaShop

Two-factor authentication to harden your back-office.

The password is no longer enough. With 2FA Google Authenticator, every login to the PrestaShop back-office also requires a 6-digit code generated by a TOTP app on the employee's phone (Google Authenticator, Authy, 1Password, Microsoft Authenticator, etc.). Global or per-profile activation, recovery codes in case of phone loss, attempt auditing. The security layer that native PrestaShop does not provide.

PrestaShop 8.0+ TOTP RFC 6238 standard AES-256 Multistore Audit logs Recovery codes

30-day refund

12 months updates

24h support

The long version

Everything you'd want to know before you install.

A detailed look at how 2FA Google Authenticator for PrestaShop works, why we built it the way we did, and the thinking behind the features above.

§ 01

Why 2FA on PrestaShop

The PrestaShop back-office is the #1 target of attacks on your store. A compromised admin password (via phishing, leak from another app, dictionary attack) means direct access to your orders, your customers, your source code. 2FA adds a second layer: even with the password, the attacker can't log in without the phone. Over the past six years, more than 80% of documented PrestaShop intrusions would have been prevented by an active 2FA.

§ 02

TOTP standard, no proprietary service

The module follows the RFC 6238 (TOTP) standard — the same as Google Authenticator, Authy, 1Password, Microsoft Authenticator, etc. This means your employees use the app of their choice, without installing a specific app. If your company already has 1Password, 2FA simply adds itself to existing secrets. No third-party service, no per-user cost, no external dependency.

§ 03

Progressive configuration

2FA can be enabled globally (all admins must use it) or per employee profile (Super Admin mandatory, other profiles optional). This allows progressive rollout: start with sensitive profiles, observe team reaction, then generalise. Activation from Preferences → 2FA Google Authenticator.

§ 04

Handling phone loss

The scenario "I can't log in anymore, I changed my phone" is anticipated at two levels. First safety net: 10 single-use recovery codes, generated at the initial pairing. The employee keeps them in their password manager or printed in a safe. Second safety net: a Super Admin can reset an employee's 2FA from their profile in one click. The next login will request the initial pairing again with a new QR code.

§ 05

Security and audit

Each employee's TOTP secret is encrypted with AES-256 in the database — even read-only SQL access doesn't allow regenerating codes. Every attempt to enter the 2FA code is logged with success/failure, employee, IP, date. An excessive number of failures on an account triggers an automatic temporary lock to slow down brute-force attacks.

2FA Google Authenticator for PrestaShop

The short version.

Compatible with any TOTP app

Granular configuration

Recovery codes

Security and audit

Everything you'd want to know before you install.

Why 2FA on PrestaShop

TOTP standard, no proprietary service

Progressive configuration

Handling phone loss

Security and audit

The long list.

What's shipped.

The fine print.

License & delivery

Compatibility

What actual users say.

Reviews

Anything still unclear?

2FA Google Authenticator for PrestaShop

Compatible with any TOTP app

Granular configuration

Recovery codes

Security and audit

Why 2FA on PrestaShop

TOTP standard, no proprietary service

Progressive configuration

Handling phone loss

Security and audit

License & delivery

Compatibility

Reviews

Modules often bought together.