What is two-factor authentication and how to set it up on your website
You certainly know the importance of creating a website to generate business opportunities.
However, it is not enough to develop beautiful templates and get tools focused on SEO results. Your website also needs to be secure, which requires good practices such as strong passwords. You also need to know what two-factor authentication (or 2-step verification) is.
If your site is hacked, or in the event of a data leak or breach, sensitive information can be lost: blog content, product inventory (in e-commerce stores), lead lists, and personal data collected through contact forms.
Therefore, in this article, we explain the importance of two-factor authentication and how you can use it on WordPress to keep your website safe.
You will see the following topics:
- What is two-factor authentication?
- What are the types of two-factor authentication?
- How to enable this feature in WordPress?
What is two-factor authentication?
Two-factor authentication is a feature that prevents unauthorized access to hardware, software, hosts, websites, and other IT assets, thus reinforcing digital security.
The process works as follows: after logging into a website or system, the second security layer is completed to confirm the user’s identity. This usually requires a temporary verification code in order to proceed with access. This code can be sent by email, SMS, and even by push notification.
Two-factor authentication adds a second check on top of the password, which provides higher protection against threats and intrusion. Indeed, even if someone obtains a username and password, they will probably not be able to log in because the temporary code is only sent to the authorized device.
What are the types of two-factor authentication?
There are several ways to enable two-factor authentication, and we’ll present the main ones.
Authenticator app
This method is known to be one of the most reliable and easily accessible. It can be found both in Google applications and in third-party apps, which allow you to register several accounts. Also, the authenticator app does not rely on a network connection to work.
USB token
The USB token is a hardware token that you plug into your device. Its content is encrypted, and it is usually one of the less used two-factor authentication methods because it is of limited use on public devices.
Magnetic card
The magnetic card is an even more restricted method of user authentication because it depends on its own reader to work. This option is generally used within companies, by teams that don’t need to work outside the office.
SMS and email
This method is very traditional, and most people choose it because SMS and email are channels commonly used in Digital Marketing. First, the user receives an access code through these channels; then, they use it to log in.
Although the method seems simple, it is the most vulnerable because emails are susceptible to phishing attacks, and if someone gets access to your mobile phone number or email account, they can obtain the verification code sent and enter the system.
How to enable the two-factor authentication in WordPress?
Now, let’s talk about the steps that must be followed to activate two-factor authentication on your WordPress site.
Step 1: choosing the authentication plugin
The easiest way to install a WordPress plugin is to use the plugin search. Go to “Plugins”, click on “Add new”, and find the plugin by typing its name or the functionality you are looking for. In this case, type “Google Authenticator”, or type “two-factor authentication” to choose a different plugin of this kind.
Step 2: installing the plugin
After that, you will see a list. You can choose the plugin and click on the “Install Now” button next to it. WordPress will now download and install the plugin for you.
Then, you’ll notice the “Install Now” button will change into “Activate”. A WordPress plugin can be installed on your site, but it will not work unless you activate it. So go ahead and click on “Activate”.
You’ll also need to install the Google Authenticator app on your mobile device. It is available for both Android and iOS. After downloading and installing it, you can choose the setup method you prefer: the bar code or the security key provided.
Back in the WordPress dashboard, go to “Users”, select the user who should use two-step verification, and look for the Google Authenticator Settings.
Within the settings, you will find the following options:
- Active: check this box and your blog will use Google Authenticator;
- Relaxed Mode: allows users to have more time to enter the code. Usually, the Google Authenticator code expires every minute; with this mode, it will be available for up to 4 minutes;
- Description: the description will act as your account name in the Google Authenticator app;
- Secret Key: it is the mobile app key needed if you are not using the QR code.
Next, click on “Update profile”. From then on, when accessing the login page of your WordPress site, in addition to “Username” and “Password”, you will need to enter the “Google Authenticator code”.
The code will be generated by the mobile application and, after entering it, you will be able to access your WordPress dashboard.
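How a server can check such a code, and what a longer acceptance window like Relaxed Mode trades away, is shown in the following added example (not the plugin's own code). It assumes the standard TOTP algorithm (RFC 6238: HMAC-SHA1, 6 digits, 30-second step) used by the Google Authenticator app; the secret is the RFC test key, and the function names and window sizes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code (RFC 6238 default; assumed, not read from the plugin)
# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, digits=6):
    """Return the code an authenticator app shows at Unix time `at`."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)                   # base32 input must be padded
    key = base64.b32decode(s)
    counter = struct.pack(">Q", at // STEP)    # 8-byte big-endian step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                    # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, now, window=1, last_used_step=None):
    """Return the matching step number, or None if the code is rejected.

    window: steps accepted on each side of the current one. A larger window
    is more forgiving of slow typing and clock drift, but a stolen code
    stays usable for longer.
    last_used_step: highest step already accepted for this user; codes from
    that step or earlier are refused so a code cannot be replayed.
    """
    current = now // STEP
    for step in range(current - window, current + window + 1):
        if step < 0 or (last_used_step is not None and step <= last_used_step):
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(totp(secret_b32, step * STEP), code):
            return step
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)             # code shown at t = 59 s
    late = 59 + 90                             # user submits it 90 s later
    print("code:", code)
    print("strict window :", verify(SAMPLE_SECRET, code, late, window=1))
    print("relaxed window:", verify(SAMPLE_SECRET, code, late, window=4))
    print("replayed      :", verify(SAMPLE_SECRET, code, late, 4, last_used_step=1))
```

Storing the last accepted step per user is what keeps a wide window from turning one intercepted code into several logins.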
If you lose your mobile device, you will no longer be able to generate the code and log into the WordPress dashboard. In that case, you need to access the site by FTP, following these steps:
- access the “File Manager” on your hosting server;
- go to “wp-content”, then access “plugins” and rename the folder “authy-two-factor-authentication”.
Thus, the authenticator will be deactivated and you will be able to access the WordPress login page, which will ask only for a username and password.
However, if you want to keep the authenticator, you can check it through your host’s cPanel. When accessing it, look for the two-factor authentication option and follow the steps outlined. If you have any questions, we suggest you seek support from your hosting provider.
Now you understand what two-factor authentication is. By adopting this method, you will increase security on your website. Keep in mind that digital security also requires good practices on how to use plugins and reliable resources.