What is Two Factor Authentication?

Passwords are required on virtually every site where you must log in. As good as passwords are for protecting your information, they are not perfect. Think of all the news stories you have heard in the last few years about server breaches and the leaking of passwords and other personal information. You may have even received a notification yourself to change your password because of these breaches. Your passwords are stored on that site’s servers and therefore are only as good as the security of that server.

Logging in with a password is known as single-factor authentication. It relies only on the password you created for that website. Two factor authentication uses, you guessed it, two different forms of identification to prove your identity. Generally, a password is one of those two steps, and many times your phone, email, or text messaging is the other way to authenticate your identity. In theory, the second method of the two factor authentication process relies on something only you have access to.

The most common form of two factor authentication today is using your regular password and an SMS text to your smartphone as the second factor. After you enter your password, you are sent a text message with a unique code. Then you enter that unique code and are allowed access. Since your smartphone is something that only you have (in theory), this is considered far more secure than a simple password alone, and it is. However, SMS is not a secure communication channel, which is why smartphone apps and plugins have been developed to provide a secure channel instead.

The biggest challenge we see today with two factor authentication is that the average person does not want to have to take an additional step to be verified. We live in a world of instant gratification and want everything to be as easy as possible. Most websites do not require two factor authentication because users are less likely to sign up for and log into a service if it is more difficult.

That being said, we see many of the most popular email providers, such as Google, Outlook and Yandex, offer two-factor authentication using the same options as mentioned above. When giants such as these use two factor authentication you can be sure it is a proven security procedure and one we should institute ourselves.

One question may come to mind as you read this. What if you don’t have your phone or access to your email? Then you are locked out of your website, right?

Not really. Good two step authentication systems will offer another method. They may allow you to generate “emergency codes” and keep them in another location. That way, if you do not have your phone or access to your email, you can still log in by entering that emergency code.
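
As an added example (not part of the original article and not code from any WordPress plugin), here is one way a site could issue and check emergency codes, written in Python. The class and function names, the code length and alphabet, and the hashing parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: no 0/O or 1/I/L, so codes copied from paper are unambiguous.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def hash_code(code: str, salt: bytes) -> bytes:
    """Normalize (ignore case, spaces, dashes), then derive a salted slow hash."""
    cleaned = code.replace("-", "").replace(" ", "").upper()
    return hashlib.pbkdf2_hmac("sha256", cleaned.encode(), salt, 100_000)


class EmergencyCodes:
    """Hypothetical per-account store of single-use emergency codes."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.hashes = set()  # only hashes are kept server-side, never the codes

    def generate(self, count: int = 10, length: int = 10) -> list:
        """Invalidate old codes and return new ones to show the user once."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(length))
                 for _ in range(count)]
        self.hashes = {hash_code(c, self.salt) for c in codes}
        return [c[:5] + "-" + c[5:] for c in codes]

    def redeem(self, submitted: str) -> bool:
        """Accept a valid code exactly once; reject unknown or reused codes."""
        candidate = hash_code(submitted, self.salt)
        match = None
        for stored in self.hashes:  # constant-time comparison per entry
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self.hashes.remove(match)  # burn the code so it cannot be replayed
        return True


if __name__ == "__main__":
    store = EmergencyCodes()
    codes = store.generate()
    print("Print these and keep them somewhere safe:", codes)
    print("first use accepted:", store.redeem(codes[0]))
    print("second use accepted:", store.redeem(codes[0]))
```

In a real login flow, attempts to redeem a code should also be rate-limited, just like password attempts.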

Now that you know and understand a little more about what two factor authentication is, how do you implement it on your WordPress site? Actually, it’s pretty easy. There are numerous plugins available to help you set it up.

WordPress Two Factor Authentication Plugins

Here are a few popular ones to get you started. You can also search for two factor authentication plugins in the WordPress.org plugin repository.

Google Authenticator
Wordfence (also an excellent overall security plugin)
iThemes Security (also an excellent overall security plugin)
WordPress 2 Step Verification
Two Factor

In this article we have covered two factor authentication for WordPress websites. While it is not a perfect method, it is a valuable security option you should consider implementing on your site. As with every other form of WordPress security, this is only one of many strategies you should have in place to protect your website. Continue to come back for more articles on WordPress security and protecting your interests online.