OXID Security Module V. 3.0

Release date: 12-05-2026

Features

  • V. 3.0 introduces two-factor authentication (2FA) in the OXID Security Module: protect your customers’ storefront logins with a one-time code delivered by email.

    After installation or update, 2FA is disabled by default, both shop-wide and per customer. Enable 2FA shop-wide as the shop admin so that your customers can switch on the feature themselves in their account.

Fixes

  • CAPTCHA validation has been moved from the User class to the UserComponent class. As a result, OXAPI logins are no longer blocked when CAPTCHA verification is enabled.

Known limitations

  • Logins in the admin backend are not protected by 2FA. The protection currently applies only to storefront logins (customer accounts).

  • OXAPI and 2FA are currently mutually exclusive. Accounts with 2FA enabled cannot authenticate via OXAPI. Accounts that use OXAPI must keep 2FA disabled to continue using it.

Update

For update instructions, see Upgrading from V. 2.x to V. 3.x.