What is two phase authentication? I’ll tell you, it’s an additional control you can add to you WordPress site to increase security.
The first phase of authentication is your standard WordPress login user ID and password.
You are asked to enter a code which is sent to a device, usually your mobile phone.
Types Of Phase Two Authentication
There are a number of ways the code for phase two here are some examples:
- An app that give you a code
- You are sent a text message with a code
Phase Two Has An Expiration Date
The code sent your device has an expiration date, usually just a few minutes. This means you have to act quickly and login with your code.
If you try to use an expired code, you will not be able to authenticate correctly.
Always With You Device
The beauty of this process is that the code is sent to a very personal, always with your device, your mobile phone.
A hacker could crack your user ID and password but they would have to go to another extreme level and find you and then steal your device to complete the process.
I like to think of security as a series of layers of control, the more layers the more annoyance you give to the hacker.
My Preferred Tools For Two Phase Authentication
My preferred tool is from Google and it’s called Google Authenticator, it is an app you install on your phone and a plugin you install on your site. Here are the links.
VIDEO – Two Phase Authentication In Action
Here is a video walk though of me creating a user with 2 Phase authentication.
Wrap Up – What Is Two Phase Authentication?
It’s an additional level of authentication.
Just because you have 2 phase authentication activated, does not mean you are 100% safe, if the hacker has ftp access they can deactivate the plugins or create a new user which is not authenticating.
As I said previously I think of security as a multiple layer cake, the more layers, the tighter the security.
Do you need help hardening the security of your WordPress site, why not get a quote.