The Two Factor Authentication module integrates X-Cart with Authy, which simplifies and strengthens the security of your account. The Two-Factor Authentication system can be used to protect either type of account: admin or customer.

The Two Factor Authentication module levels up protection of user accounts by requiring the username and password to be confirmed with a one-time SMS code at login. Even if the Authy server is compromised, the hacker will have no usernames or passwords, as these sensitive details are NOT stored on their side.

To start using the module, make sure it’s installed and enabled.

The module requires an account with Authy. You can get one here if you haven’t registered with Authy yet.

Once the module is enabled, proceed to the module settings page to configure it:


You’ll need to set up the following parameters:


  • API key : Specify the API key from your account.

    If you don’t have an account yet, follow the steps below to create an Authy API Key:

    • Create a Twilio account here
    • Create an Authy application in the Twilio Console.
    • Once you’ve created a new Authy application, copy the API Key for Production, available on the Settings page of your Authy application (reference screenshot: tfa-authy-api.png).
  • Production mode : Enable if you don’t need to test the integration and are ready to use the module in production mode.
  • Use two-factor authentication for the customer interface : Enable if you need the two-factor authentication option to be available to customer accounts.
  • Use two-factor authentication for the administrator interface : Enable if you need the two-factor authentication option to be available to admin and vendor accounts.

Once configured, the module adds the Country phone code and Phone number fields to a user account.


The values for these fields should be specified by a user when creating an account.


Alternatively, the values can be specified by the store admin in the respective user profile (Users -> User list -> User profile). The cart admin can also enable the Require to change password on next log in option for a user profile, so that the user is forced to renew the account password and specify the phone to enable two-factor authentication for their account.

Admin verification (screenshot: tfa-admin-verification.png)

Customer verification (screenshot: tfa-customer-verification.png)