A Quick Method to Disable 2 Factor Authentication on Joomla’s Backend

It’s been a long while since you have last updated the content of your Joomla website, but you decided, on a Sunday afternoon, to do just that.

So, you navigate to the login page of the backend of your Joomla website, and you see a curious “Secret Field” input field. You ignore it, and you just try to login with your good old username and password, but when you do that, you see the following error message:

Warning: The two factor authentication Secret Key is invalid.

You try to login again, but you see the same error, and you finally realize that you just can’t leave that “Secret Field” input field empty, but you don’t know what to put in there. So, you start searching your emails and any documents that you have for that “Secret Field”, but you find none: someone who had (and may still have) access to the backend of your Joomla website added Two Factor Authentication to the login but didn’t tell you anything about it (maybe he forgot to do that or maybe he didn’t).

Since you’re not sure who that “someone” is (or maybe you’re sure but that “someone” has gone MIA), you decide to disable that Two Factor Authentication, but you don’t know how. Luckily, we’re here to help: here’s a concise and comprehensive (no, that is not an oxymoron, we checked) guide on how to do that:

Login to phpMyAdmin through your WHM/cPanel/other account.
Select the database powering the Joomla website.

Run the following queries:


UPDATE `#__extensions` SET `enabled` = '0' WHERE `name` = 'plg_twofactorauth_totp';
UPDATE `#__extensions` SET `enabled` = '0' WHERE `name` = 'plg_twofactorauth_yubikey';

Note: You should replace #__ with your table prefix.

That’s it! Close your browser and then go to the login page again and you will see that the “Secret Field” is gone.

Is there an easier way to disable the Two Factor Authentication?

Well, no, unless, of course, you can access the backend of your Joomla website with an empty “Secret Field” (or you already know what the “Secret Field” is). In that case, you can just disable it the following way:

Login to the Joomla backend.
Click on Extensions -> Plugins.
Under Select Type on the right side select twofactorauth.
Disable all the plugins that are enabled there, namely Two Factor Authentication – Google Authenticator and Two Factor Authentication – YubiKey (you can easily disable a plugin by clicking on the green checkbox next to its name).
That’s it!

We hope that you found our guide on disabling the Two Factor Authentication useful. If you need help with the implementation, then please contact us. We will do it for you swiftly, professionally, and affordably. You will also gain true and reliable friends in the Joomla realm!

No comments yet.

At itoctopus, we're here to help you with your business! That's our promise to you. Whether you're looking for urgent programming help in the middle of the night, or you need help expanding your website, or you need to claim your projects for R&D, then you're at the right place. We have served a lot of customers since 2001, and we'll be happy to serve you!

If you want to fix an urgent issue (for example, your website is down), then give us a call at 514 961 2804, this line is at your service 24/7/365!
Call Now: 514 933 8036
Just give us a call if you need help on your website, and you'll be surprised how friendly, efficient, and fast we are! Oh, and we genuinely care about your business! (International clients please call +1 514 933 8036)

A Quick Method to Disable 2 Factor Authentication on Joomla’s Backend

Leave a comment