Support

Your IP address is in the IP Whitelist or in one of the two allowed IP areas in the Configure WAF page. As a result any request coming from this IP does not have any security check performed, including two factor authentication.

Please note that Admin Tools' two factor auth feature is going to be retired in the future. A much better implementation was added in Joomla! 3.2 by yours truly. As you'll be upgrading in a couple of weeks to Joomla! 3.2 you needn't worry much about Admin Tools' feature.

The new Joomla! 3.2 feature is MUCH better. Since I was writing a core Joomla! feature I was allowed to modify core code (something I couldn't do when writing Admin Tools). For starters, each user can have his/her own Google Authenticator code. In other words, if you have ten Super Users each one has a different secret code, making the implementation much safer. Then you can select if this feature will be available only to the back-end, only to the front-end or both in the front- and back-end. I recommend the latter: both front- and back-end. It's more secure.

In addition to Google Authenticator I also added support for YubiKey two factor authentication in Joomla! 3.2. If you've never heard of it it is an inexpensive (~20 US Dollars) hardware token that plugs in a USB port. The idea is: go to your site, enter your username and password, click on the Secret Code field, plug in the YubiKey to a USB port in your computer and touch its button. The YubiKey produces a secret code which is then validated both on your site and through a third party service. This is even more secure and easier to use than Google Authenticator.

On top of that Joomla! 3.2 has a much better password encryption algorithm (bCrypt instead of salted MD5) and a massively improved "Remember Me" functionality. All these featured combined offer an excellent upgrade in your site's security.