Default two-factor authentication
Two-factor authentication (2FA) is now enabled by default in the Magento Admin and cannot be disabled. Following an update to EU legislation (the Payment Service Directive (PSD2)) last year that made 2FA mandatory for online merchants that take payments over £30, this update comes as no surprise and will likely be welcomed by most platform users. This extra step of authentication makes it harder for malicious users to log in to the Admin without authorization.
Security-only patch
Security-only patch 2.3.5.2 (I know. Catchy, right?) has been provided with Magento 2.4 to allow merchants to install time-sensitive security fixes without having to apply the hundreds of functional fixes and enhancements that they would usually be required to do for a full quarterly release.
This patch provides fixes for vulnerabilities that were identified from the Magento 2.3.5-p1 release - including all hot fixes (these being fixes that addressed a specific problem or bug) that were applied to the 2.3.5 release.
More information on this and instructions on how to download and apply the patch can be found in the Magento DevBlog posts.
Payment methods – third-party removals and updated integrations
Those who favour the use of PayPal Express Checkout integration will be pleased to know that it has now been migrated to the latest PayPal JavaScript SDK. Although the bottom-line behaviour of the payment method will remain unchanged, the SDK upgrade will allow merchants to access the latest features and security enhancements directly.
Perhaps the update that will require the most merchants to act, is the removal of Authorize.Net and Braintree payment methods from Magento’s core code. Again, down to PSD2, Magento have decided to remove these core payment integrations as they risk becoming outdated and no longer security compliant in the future.
Magento have recommended that merchants transition to their corresponding marketplace extensions so that customer payments remain secure and are not declined.
The below outlines the specific integrations that have been removed from Magento’s 2.4.0, along with their recommended replacement extensions:
Payment Method Integration & Recommended, official extensions
Authorize.net & Authorize.net (Direct Post): https://marketplace.magento.com/authorizenet-magento-module-authorizenet.html
CyberSource: https://marketplace.magento.com/cybersource-global-payment-management.html
eWay: https://marketplace.magento.com/eway-eway-rapid-magento2.html
Users of Worldpay, however, have been recommended to contact the payment provider and query what solution they recommend, to comply with PSD2 requirements
Seller-assisted shopping
One of the most potentially useful features for merchants to come from this update is the ability to view the storefront on behalf of customers. This will be useful in assisting tasks such as placing orders on their customers’ behalf.
Customers will have to allow for access to be granted, and if approved, administrators can log in to customer accounts on a per-website basis.
This will be compatible with multiple websites and customer account scopes, and all sessions will be destroyed following administrator logout, with no access to customer passwords being provided or required at any point.
Improved search terms
A new default search engine has been introduced with this version’s release, Elasticsearch. This will now support the use of partial words in search terms for product names and SKUs when using quick search – a massive help to those managing a store with thousands of products.
New media gallery
I think I can safely say that anyone who uses Magento can get a little frustrated with its seeming lack of a media gallery. But Magento 2.4 may just be here to save us, as the replacement media gallery will offer administrators a searchable interface for Magento media assets. This means there’ll now be the ability to search, filter, and sort images up to 30x faster than in the earlier version of this feature.
Super techy stuff
There’s also massive amounts of updates with Magento 2.4 that will bring no-end of assistance and relief to Magento developers, as well as Magento administrators. This includes updates to CMS content adding/editing, the catalog functionality, cart and checkout workflows, Adobe stock integrations, and so much more! You can take a look at the entire list of the fixes and updated functionalities in Magento 2.4.0’s release notes.