Many services are now offering two-factor authentication as an added security measure. Two-factor authentication requires a code from an external app, or an SMS to be entered as well as your regular password.
What Is A Two-Factor Authentification (2FA)?
A Two-factor authentication system (aka 2FA) is a security method that requires two different ways of proving your identity. Two-factor systems are far more secure than passwords alone.
Twitter, Google, LinkedIn and Dropbox, and many other services are now offering this service, as an optional extra security add-on.
So what can be used as an authentication factor? The two authentication factors can be one of the following:
- Something you know: like a password or the answer to a security question ;
- Something you have: like a security code sent on your mobile phone ;
- Something you are: we don’t mean emotions or personality. Think more along the lines of biometric data such as your fingerprints.
Do You Need Two-Factor Authentication?
First, it’s a practical way to really step-up your security easily when it comes to what we call the user login sequence.
Second, securing your website is your number 1 priority right? Well, then get on it!
Third, even if you think your password is strong enough, chances are, it’s not. In the modern connected world, the one we work in or the one we use to conduct our business, a password is the weakest link. No matter how strong it is, chances are, someone can hack it. Sorry.
Where Should I Use 2FA?
Ideally, you should use a 2FA everywhere you store any type of personal data, as well as accounts that have payment information linked to them. This includes, but is not limited to:
- Your email accounts
- All your social media accounts
- Your bank online account
- Any of your payment accounts
- Your shopping accounts
- Your cloud storage service
- Your gaming accounts
Unfortunately, not all services are offering a 2FA. However, you can add it on your website easily today.
How Can I Turn It On?
You may have heard of GetClef.com a very good plugin and service. Unfortunately GetClef will be down in june 2017.
Or you may have heard of Google Authenticator, but maybe you don’t like Google stuff, so what next?
There’s a different kind of 2FA available; one with no password required. It’s called PasswordLess.
We integrated this 2FA module in our plugin SecuPress Pro. A single checkbox and it’s done.
SecuPress 2FA Setting
Now when you want to log in, just fill your email address, you will receive a unique link with which you can be logged in, once:
Login screen with SecuPress 2FA: PasswordLess
As you can see, the password field disappeared. You can chose which roles are affected if you just want administrator accounts more secure.
If the user account is not affected, (s)he will have to fill the password as a second step, same field as before:
The old password field, alone.
The 2FA requires that you be logged into your email account.
It’s a great bonus for those of us that have a tendency to forget our passwords or the password to our password manager. Think of it as a magic link to save you from yourself…and from hackers wanting to get into your website.
Conclusion
For us, the PasswordLess 2FA is an indispensable security measure for your WordPress website. Even if a two-factor authentication doesn’t mean that your account is immune to attacks, it makes your accounts more resilient against hackers be cause they need to crack more than a simple password now.
