Are you looking to implement two-factor authentication on your Joomla site(s)? Welcome to the party! Joomla offers two great 2-factor authentication options out of the box: Google Authenticator (as recommended by Google themselves), and Yubikey (I know a guy who can hook you up. Seriously.) And both of them work great. You can enable it for the frontend or backend, or both.
Unless you’ve got K2 installed.
With K2 installed, the K2 “advanced” profile will kick in on the front page. When you’ve enabled 2FA for the front end (no matter what plugin) and you want to configure two-factor authentication, you won’t see an option. If you want to tweet “Oh MY GOD JOOMLA, YOUR SHIT IS BROKEN”, don’t.
It’s K2’s “User profile” that’s to blame. It gives you the option to add an avatar, an URL and to write a bio (so you can spam websites to death), but it takes away all the good stuff. Including the two-factor authentication options.
There’s a work around, of course. There always is. And it sucks, because it limits two-factor authentication to admins unless you want to setup all your users’ accounts.
So, the only real solution is to take the fall, and disable the K2 profile. (Solution if you want those avatars / bio’s: give back-end access to authors – let them update their own stuff there. Simple. Front-end editing blows anyway.)
How it’s done
Update: You can check out our video on how to disable the K2 Profile.
In the backend, do the following:
- Go to Components > K2.
- Click “Parameters” in the top right corner.
- Open the “Advanced” tab.
- Find the option “Enable K2 User Profile”, and set it to “No”.
Now, when you (or your visitor) visits his profile (hint: setup a link to make their life easier), they can enable the 2FA option of their choice, and follow the simple steps to enable them.
Remember kids, don’t yell “JOOMLA IS BROKEN” when your plugins are to blame.