
Enhancing TYPO3 backend multifactor authentication

Out of the box, TYPO3 lets you secure backend accounts with time-based one-time passwords (TOTP).

Unfortunately, only one such TOTP may be assigned to a single account.

Using multiple devices as secondary authentication factors (mobile phone, security keys, password managers) is not possible by default.

Container configuration to the rescue

In most cases, a second TOTP is already sufficient. Luckily, with a few lines of container configuration (aka service configuration) it is possible to add the core's one-time password provider a second time to the list of available MFA providers. Because the second registration gets its own identifier, it is set up with its own secret, independent of the first one.

Add the following lines to the Configuration/Services.yaml file of your sitesetup, and you are ready to roll:

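services:
  # ... your existing service definitions ...

  # Register the core TOTP provider a second time under its own identifier
  second-totp:
    class: TYPO3\CMS\Core\Authentication\Mfa\Provider\TotpProvider
    tags:
      - name: mfa.provider
        identifier: 'totp2'
        title: 'TOTP (backup)'
        # Reuse the core provider's labels and icon
        description: 'LLL:EXT:core/Resources/Private/Language/locallang_mfa_provider.xlf:totp.description'
        setupInstructions: 'LLL:EXT:core/Resources/Private/Language/locallang_mfa_provider.xlf:totp.setupInstructions'
        icon: 'actions-qrcode'
        defaultProviderAllowed: true
        # Sort the entry between the core TOTP provider and the recovery codes
        before: 'recovery-codes'
        after: 'totp'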
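
Once the second provider is available, you will want to know which accounts have actually enrolled a backup device. The script below is an added example, not part of the original article or of TYPO3: it assumes the `mfa` column of `be_users` holds a JSON object keyed by provider identifier with an `active` flag per provider, and that you exported (username, mfa) pairs yourself. All function names and sample rows are constructed.

```python
import json

# 'totp' is the core provider, 'totp2' the second registration from Services.yaml.
TOTP_IDS = {"totp", "totp2"}


def active_providers(mfa_raw):
    """Return the provider identifiers marked active in one exported mfa value."""
    if not mfa_raw:
        return set()  # NULL or empty column: MFA never set up
    if isinstance(mfa_raw, bytes):
        mfa_raw = mfa_raw.decode("utf-8", "replace")  # blob columns export as bytes
    try:
        data = json.loads(mfa_raw)
    except ValueError:
        return set()  # unreadable value: treat as "nothing enrolled"
    if not isinstance(data, dict):
        return set()
    return {ident for ident, props in data.items()
            if isinstance(props, dict) and props.get("active")}


def audit(rows):
    """Group usernames by the number of active TOTP providers (0, 1 or 2)."""
    report = {"no_totp": [], "single_totp": [], "both_totp": []}
    buckets = ("no_totp", "single_totp", "both_totp")
    for username, mfa_raw in rows:
        count = len(active_providers(mfa_raw) & TOTP_IDS)
        report[buckets[count]].append(username)
    return report


# Constructed sample export; secrets are placeholders, not real values.
SAMPLE_ROWS = [
    ("alice", '{"totp":{"secret":"PLACEHOLDER-A","active":true},'
              '"totp2":{"secret":"PLACEHOLDER-B","active":true},'
              '"recovery-codes":{"active":true}}'),
    ("bob", b'{"totp":{"secret":"PLACEHOLDER-C","active":true}}'),
    ("carol", None),
    ("dave", '{"totp2":{"secret":"PLACEHOLDER-D","active":true}}'),
    ("erin", '{broken'),
    ("frank", '{"recovery-codes":{"active":true}}'),
]

if __name__ == "__main__":
    for bucket, users in audit(SAMPLE_ROWS).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

Accounts in `single_totp` still depend on one device; those are the ones to nudge towards enrolling the backup provider.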

 

This article applies to TYPO3 v11+