How to disable 2-factor authentication in Magento 2.4.0

Magento 2, 2 factor authentication

In previous versions of Magento, it was possible to enable 2-factor authentication (2fa) for admin users. In Magento 2.4.0 Adobe decided to kick the security up a notch and force 2-factor authentication for all backend users. Now, 2-factor authentication is great as it adds another layer of security in your webshop, but it can also be too much. Especially when you work by following DTAP where you have multiple environments (Development, Test, Acceptance, and Production).

Luckily for us, it is simple to disable this module. Just run this command:

php bin/magento module:disable Magento_TwoFactorAuth

And that's it! Now the module is disabled and you don't have to install/enter 2 factor authentication upon login. (ad)

Mage Dispatch is a newsletter for the community and by the community. Here you can share links that you think that the community should know about. We will include it in our next newsletter.

Warning: Do not do this in production

Magento forces 2-factor authentication for a good reason. Only disable this for non-production environments. Also: This makes a chance in app/etc/env.php. Make sure you don't commit this!

Do not this in production

You can make sure that you don't do this in production by including this step in your deployment process. To make sure you don't accidentally disable this on production you can add a step to enable it.


Mark Shust created a module that allows you to disable 2-factor authentication from the settings. The upside from this is that you change this on a per-environment basis and you can't accidentally commit the wrong settings (disabled module) to your codebase. Next to this, there is also the module of Wolfsellers, which seems to do the same. You can find it here.

Want to respond?