Hey world, my website password is 358337! I trust ever yone of you but by the time you have read this my password as already changed. Its now 4891212, you have 15 seconds to try it…..
Site security has been a constant concern for site admins. The admin login page stands as a giant target for potential intruders. Joomla sites in particular have a history of backend login attacks. Its not hard to figure out the login page for most Joomla sites, its usually www.website.com/administrator. With my Joomla 2.0 sites I would redirect the backend page to fake login page and kept a separate actual login site that was not as well known. This worked quite well but still was not bulletproof, I would still get alerts of failed login attempts.
New with Joomla 3.0 they have added two layer authentication. It works great! I haven’t had any backend security issues yet. It pushed me to upgrade all my sites to Joomla 3.0 for this feature alone. They offer an option with a hardware token or using a software app. I opted to use Google Authenticator and their app on my phone. It really works great. If you encounter any issues ensure that the time is the same on the authenticator device and the computer your using to login with. I did have an issue once where a computers time fell out of sync from a Domain Controller, that can really mess with Two Layer Authentication systems. Which makes since. These systems work by running a algorithm on both sides.
Google Authenticator also gives you a couple of temporary passwords. Be sure to keep these in a safe spot in case you do have to troubleshoot any issues. These can be a lifesaver.
Sleep well knowing your sites are protected with another layer of security!
This video shows how to set it up and configure it: