Two factor authentication is rapidly making its way across many websites. It started with banking, then social media sites and now is spreading fast across other websites too. Why? Because it is a very reliable way to minimise the efficacy of brute force attacks and drastically lowers the chances of losing access to your website through hacking.
I recommend all WordPress website owners set up two factor authentication. Here’s what you need to know.
If you log into a website and it sends you a text with a code to input on the site, asks a question you have to answer or uses a dongle to provide an extra code, that is two factor authentication. You log in with your usual website credentials, one factor. Then perform another verification step for the second factor.
While it might seem new, two factor authentication has been with us for years. Any time you have provided your CVV for a card transaction, or answered security questions when calling your bank, you have been performing two factor authentication. It is an added layer of security that few bots can tackle. That’s why it’s so successful.
We can set up two factor authentication with a WordPress plugin. There are a few available and they tend to work pretty well. Here are a few of your options.
Clef is one of the most popular two factor authentication plugins right now. It is available as a free download and requires an app to be installed on your phone. Unusually, Clef doesn’t use a password or code. Once configured on your site, the Clef page within the admin panel shows a wave. The mobile app uses your phone’s camera to sync with that wave and you’re in.
The app might look a little intimidating at first, but it is relatively simple to set up. Install the plugin and the app on your phone, set a PIN and select log in with phone. The rest is easy.
Google Authenticator is already used by some larger websites and by Gmail, so you may already have it installed. The WordPress plugin is simple to set up: just download and install it. Then log into the Play Store on your phone and download the Google Authenticator app. Activate the plugin, navigate to Users and then Your Profile, click the Active checkbox and give your website a good description. Open the authenticator app on your phone, click the plus sign to add a new site, point the camera at the QR code on the computer screen and that’s it.
When you log into WordPress, you will need to add your usual credentials plus the code you get by accessing the Google Authenticator app on your phone. That’s it!
If you want to know more about Google Authenticator, Joy of Android has an excellent piece covering everything you need to know.
Two Factor Auth is another plugin that utilises Google Authenticator. It’s a simple setup: download, install and activate. Select your authentication of choice by navigating to Settings and then Two Factor Auth. Then perform the same steps as above every time you log in. Simples!
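The codes Google Authenticator shows are time-based one-time passwords (TOTP, RFC 6238) computed from the secret carried in the QR code. The sketch below is an added example, not code from this post or from any plugin named here, showing how the code is derived and how a server can check it. The function names, the drift window and the replay check are assumptions for illustration, and the secret is the published RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # length of the code shown by the phone app

# Constructed sample: Base32 of the RFC 6238 test key, never a real secret.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: float, digits: int = DIGITS) -> str:
    """The code the phone displays at Unix time `at`."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    return hotp(key, int(at) // STEP, digits)


def verify(secret_b32, submitted, at=None, window=1, last_used=-1):
    """Server-side check; returns the matched time step, or None.

    window    : time steps of clock drift tolerated either side of `at`
    last_used : step of the last accepted code, so it cannot be replayed
    """
    at = time.time() if at is None else at
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    current = int(at) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_used:
            continue  # already consumed: reject replays within the window
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(key, step), submitted):
            return step
    return None
```

Storing the returned step as `last_used` after each successful login is what stops a code that was observed once from being accepted a second time inside the drift window.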
Two factor authentication is a powerful security measure that is simple in its execution and very effective in its operation. I recommend every WordPress user installs it!