2Factor or not to 2Factor, that is the question

Two Factor Authentication is all the rage. It's the latest must-have for any security-conscious website owner or developer, right? But what actually is Two Factor Authentication? How does it affect you? And why should you even bother with it? Luckily for you, all those questions and more are answered below.

 

What is Two Factor Authentication?

Two Factor Authentication, or 2FA for short, is an extra layer of information required to log in to your account. Despite a popular myth that two-factor authentication is only SMS based, it can actually be any piece of information that only you know or have physical access to. While the most used method of two-factor authentication is indeed SMS based, what the second factor can be varies: from a physical access key you carry (even in the form of a USB stick) through to unique one-time PINs or passcodes generated by your bank to log you in, in addition to your password.


Google first introduced 2FA to its online services in 2011 with rivals quickly following suit.

 

2FA is unique in that the code required to access your account is generated one time only and is sent only to your device. For example, if you use 2FA on your Google account and someone manages to guess your password, they won't be able to log in unless they also happen to have physical access to your phone, saving you both time and hassle.

Apple also uses 2FA for Apple accounts: if someone tries to log in and correctly guesses both your Apple ID and password, you'll be prompted on any of your Apple devices, whether that be an iMac, MacBook or iPhone, with a one-time passcode that must be entered on the device that is trying to access your account. Before that, though, Apple shows a warning saying that another device is requesting access to your account, with a map of the location. This keeps all those important memes... OK, family photos, safe.

Other forms of 2FA include using your fingerprint to be granted access after entering your username and password.

 

How does Two Factor Authentication affect you?

Simply put, it doesn't if you don't want it to. You should want it to, though: by enabling Two Factor Authentication you'll be keeping your accounts, along with all your data, more secure. But what about when 2FA goes wrong? Good point. As many 2FA systems use SMS-based one-time passcodes, if for some reason your phone has no signal you won't receive the text with the code, meaning you can't log in. Most large international companies now allow you to add a backup phone, which is often a good idea: the one-time passcode can be sent to that phone if your usual one is down.

Both Google and GitHub also offer one-time use codes that you can download and use to get access to your account even if you've lost your phone... or, you know, dropped it down the toilet and broke it. That way you can log in and either change the device or add a new one.
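
The one-time backup codes described above, sketched from the server's side as an added example (this is not code from Google, GitHub or this post). The function names, the code format and the in-memory set standing in for a database column are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: look-alike characters (0/o, 1/l/i) left out for printouts.
ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"


def _normalize(code: str) -> str:
    # Users retype codes from paper: ignore case, spaces and dashes.
    return code.replace("-", "").replace(" ", "").lower()


def _digest(user_id: str, code: str) -> str:
    # The codes are random and high-entropy, so a fast hash is acceptable here
    # (unlike for passwords). Binding the user id keeps a stored hash from
    # being valid for any other account.
    return hashlib.sha256(f"{user_id}:{_normalize(code)}".encode()).hexdigest()


def generate_recovery_codes(user_id: str, count: int = 10, length: int = 10):
    """Return (codes shown to the user once, hashes the server stores)."""
    half = length // 2
    codes = []
    for _ in range(count):
        raw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        codes.append(f"{raw[:half]}-{raw[half:]}")
    stored = {_digest(user_id, c) for c in codes}
    return codes, stored


def redeem_recovery_code(user_id: str, submitted: str, stored: set) -> bool:
    """Accept a code at most once and delete its hash on success."""
    candidate = _digest(user_id, submitted)
    match = None
    for h in stored:  # constant-time comparison against every stored hash
        if hmac.compare_digest(h, candidate):
            match = h
    if match is None:
        return False
    stored.discard(match)  # single use: replaying the same code now fails
    return True
```

In a real site the hash set would live in the user's database record, and failed redemption attempts should be rate-limited like any other login attempt.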

 

So Should I include Two Factor Authentication on my WordPress site?

This will depend entirely on what type of WordPress site you have. Some end users simply don't like what they see as the hassle of a 2FA system; others want it and won't register without it, leaving you in an awkward position. Some 2FA plugins allow you to enable it only for specific user levels, which can work quite well. This means you can enable it on all important accounts such as admins, editors, and contributors while leaving it disabled for the general subscriber.

If you're looking at Two Factor Authentication plugins, take a look at https://wordpress.org/plugins/tags/2-factor-authentication/ for some of the free plugins available directly on WordPress.org.

 

Conclusion

Two Factor Authentication is an important aspect of any modern website and should be used to ensure user security and the security of user data on your site by requiring that all admins use 2FA. Do you use 2FA on your site? Ever had issues with using 2FA? Let us know in the comments below.

Jack Kitterhing is a WordPress developer from England. His love of WordPress began at age 11 when he set up his first blog. After a stint as WPMU DEV's Project and Quality Assurance Manager, he's now a Software Developer at Themeco.