Two-factor authentication is being implemented in more and more online services such as social networks to improve security and prevent identity theft.
Double authentication to increase security in WordPress
The benefits of using double authentication are multiple:
- Security layer. It adds a layer of protection against password attacks: because the user is authenticated twice, they are verified far more reliably.
- Increased productivity and flexibility, since the greater security it offers lets users work with corporate applications.
- Reduced fraud and secure online connections.
Does that mean I’m safe with two-step verification?
No. By definition, no system connected to the network is 100% secure. However, it reduces the risk of data theft by adding an additional level of security.
Multi-factor authentication identifies the user on the basis of three principles:
- Something I have: mobile phone, FIDO device.
- Something I know.
- Something I am: fingerprint, facial recognition, etc.
Therefore, this security layer is also highly recommended for the websites we build in WordPress, considering that we manage web networks, web pages holding user information, and sales in online stores. This recommendation comes from Javier Casares, and that is why I started to secure our logins.
To do this, we use the Two Factor plugin:
It allows you to perform double authentication with the following methods, based on Something I Have:
- Time-based one-time password (TOTP).
- FIDO U2F security keys.
- Backup verification codes.
The simplest is email, but it is tedious, since it makes you check your inbox every time you want to log in.
The one I recommend is the time-based one-time password (TOTP), for which you can use different applications such as:
- Google Authenticator
- Microsoft Authenticator
Until now I used the Google option, but that also meant having to pick up the phone, look up the codes and type them in by hand.
1Password and WordPress 2FA option
This is the option I have settled on, which I have managed to make both fast and secure.
Once we have installed the Two Factor plugin, we go to the user's profile editing page to activate the different 2FA options. In this case, I use the second one, the one-time password.
The QR code lets our password-generator app be linked to our website (rest assured that the QR code shown on my website is not the real one... hehe).
If we use 1Password, in addition to the normal password we can add the one-time password, as seen below under "add more" when editing the password entry.
Then, we scan the QR code from 1Password:
Once we save the one-time password option, the code generator is available:
And we are left with a very simple configuration, which is why I have decided on this system. We log in to the website:
And in the next step, 1Password enters the generated code, which is very easy and fast. You no longer have to go to a different device, and you still keep double authentication.
This is the system I have implemented from now on. If we think about it, it is even a triple factor, counting that 1Password itself is unlocked with a fingerprint.
From now on, you should take it into account, especially in online stores and websites with a lot of traffic. Think about what someone could do if they got into your website as an administrator: change the payment method, and so on.
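What both ends of that QR hand-off actually compute, as an added example that is not code from the original post, the Two Factor plugin or 1Password: the site stores a base32 secret and shows it as an otpauth:// URI in the QR code, and the authenticator app derives the same six-digit TOTP code from that secret and the current 30-second time step (RFC 6238). The secret, issuer and account name below are constructed sample values; the verification function with a clock-drift window is how a server-side check is typically done, not the plugin's own code.

```python
# Added example: TOTP as shared between a WordPress site and an
# authenticator app (1Password, Google Authenticator). RFC 4226 / RFC 6238.
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

# Constructed sample secret (the RFC 6238 test-vector key), base32 encoded
# exactly as it would be embedded in the QR code.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

def otpauth_uri(secret_b32, issuer, account, digits=6, period=30):
    """Build the otpauth:// URI that the QR code encodes for the app."""
    label = quote(f"{issuer}:{account}")
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": digits, "period": period})
    return f"otpauth://totp/{label}?{params}"

def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret_b32, at=None, period=30, digits=6):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period).
    This is what the app shows and what the site expects."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at) // period, digits)

def verify_totp(secret_b32, submitted, at=None, period=30, digits=6, window=1):
    """Server-side check: accept the code for the current step and the
    neighbouring +/- `window` steps to tolerate small clock drift between
    phone and server, comparing each candidate in constant time."""
    at = time.time() if at is None else at
    if len(submitted) != digits or not submitted.isdigit():
        return False
    step = int(at) // period
    return any(hmac.compare_digest(hotp(secret_b32, step + d, digits), submitted)
               for d in range(-window, window + 1))

if __name__ == "__main__":
    print(otpauth_uri(SECRET_B32, "WordPress", "admin@example.org"))
    print("code now:", totp(SECRET_B32))
```

Running it prints the URI a QR generator would encode and the code valid for the current 30-second window; the test vectors from RFC 4226/6238 (counter 1 or time 59 gives 287082) confirm the derivation.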