What is two phase authentication?  I’ll tell you, it’s an additional control you can add to you WordPress site to increase security.

Phase One

The first phase of authentication is your standard WordPress login user ID and password.

Phase Two

You are asked to enter a code which is sent to a device, usually your mobile phone.

Types Of Phase Two Authentication

There are a number of ways the code for phase two here are some examples:

  • An app that give you a code
  • You are sent a text message with a code

Phase Two Has An Expiration Date

The code sent your device has an expiration date, usually just a few minutes.  This means you have to act quickly and login with your code.

If you try to use an expired code, you will not be able to authenticate correctly.

Always With You Device

The beauty of this process is that the code is sent to a very personal, always with your device, your mobile phone.

A hacker could crack your user ID and password but they would have to go to another extreme level and find you and then steal your device to complete the process.

I like to think of security as a series of layers of control, the more layers the more annoyance you give to the hacker.

My Preferred Tools For Two Phase Authentication

My preferred tool is from Google and it’s called Google Authenticator, it is an app you install on your phone and a plugin you install on your site.  Here are the links.

Google Authenticator for WordPress

Android App

Apple App

VIDEO – Two Phase Authentication In Action

Here is a video walk though of me creating a user with 2 Phase authentication.

 

Wrap Up – What Is Two Phase Authentication?

It’s an additional level of authentication.

Just because you have 2 phase authentication activated, does not mean you are 100% safe, if the hacker has ftp access they can deactivate the plugins or create a new user which is not authenticating.

As I said previously I think of security as a multiple layer cake, the more layers, the tighter the security.

Do you need help hardening the security of your WordPress site, why not get a quote.

Photo Credit: drpeterrath Flickr via Compfight cc