The addon Two Factor Authentication integrates X-Cart with that simplifies and strengthens the security of your account. Two-Factor Authentication system can be used to protect each type of accounts: admin or customer.

The addon Two Factor Authentication levels up user account protection by adding a necessity to confirm the username and password with a one-time SMS code to log in. Even if Authy server is compromised, the hacker will have no usernames or passwords, as these sensitive details are NOT stored on their end.

To start using the addon, make sure it is installed and enabled.

The addon requires an account with Authy. You can get one here if you haven’t registered with Authy yet.

After the addon has been enabled, proceed to the addon settings page to configure it:


You will need to set up the following paramethers:


  • API key : Specify the APY key from your account.

    If you do not have an account yet, follow the steps below to create an Authy API Key:

    • Create a Twilio account here
    • Create an Authy application in the Twilio Console.
    • Once you’ve created a new Authy application, copy the API Key for Production available in the Settings page of your Authy application. See the image below for reference: tfa-authy-api.png
  • Production mode : Enable if you don’t need to test the integration and are ready to use the addon in production mode.
  • Use two-factor authentication for the customer interface : Enable if you need the two-factor authentication option to be available to customer accounts.
  • Use two-factor authentication for the administrator interface : Enable if you need the two-factor authentication option to be available to admin and vendor accounts.

Once configured, the addon addes the Country phone code and Phone number fields to a user account.


The values for these fields should be specified by a user when creating an account.


Alternatively the values can be specified by the store admin in the respective user profile (Users -> User list -> User profile). Also the cart admin can enable the Require to change password on next log in option for a user profile, so that a user is forced to renew the account password and specify the phone to enable the two-factor authentication for his account.

Admin verificatontfa-admin-verification.png
Customer verificationtfa-customer-verification.png