Two-Factor: An Authentication Plugin

Here at Designerly, we choose plugins and sites to feature based on the knowledge our audience wants and what we feel will be most helpful. There has been a lot of buzz lately about cybersecurity, so we decided adding info about a two-factor authentication plugin might help a few of our small business owner readers out there. 

The players in the authentication field include big names and small apps. However, we decided to go with a community plugin because it is frequently updated, free to use and constantly being improved. The plugin is available for download on WordPress.org and is quite simply named “Two-Factor.”

Two-Factor Features

With over 70,000 active installations, the plugin has around 71 reviews and a five-star rating. It is a community plugin, meaning any WordPress developer can improve the plugin in an open source environment. 

Some of the features of the plugin include: 

• Email Codes 
• Backup Codes 
• Time-Based One-Time Passwords 
• Testing Mode 
• Based on FIDO Universal U2F

The plugin is easy to install and setup and offers basic 2FA capatibilities. You won’t be able to assign 2FA to only certain user roles, but most smaller websites won’t need that level of authentication anyway. 

The multi-factor authentication market is $19.02 billion and expected to hit $26.7 billion by 2027. As more consumers and employees become cybersecurity savvy, expect them to demand protection through 2FA and other methods. Two-Factor is an excellent and inexpensive solution. 

Download the plugin from WordPress.org or in your WP dashboard under Plugins/Add New. Once installed, activate the plugin and you’re ready to go.

Cost of Two-Factor

There’s no cost to use the Two-Factor plugin. It is open source software that people contribute to, donating their time. It is available for personal and commercial use. You can read more about the contributors and the versions on the WordPress site. 

How to Install and Use Two-Factor Plugin

Once you have the plugin installed on your WordPress website, activate it and move on to the settings. You also need to choose the ways you’ll allow users to authenticate. 

Step 1: Setup Individual Users

Once you’ve activated Two-Factor, go into your users and you should see a new option to choose 2FA. Click on the blue text and you’ll go to a 2FA dashboard where you can adjust settings and use any authenticator app you’d like by scanning the QR code. Click on the tab that says “Settings.”

Step 2: Adjust Settings to Suit Your Needs

You’ll see a summary of users and their roles. Also, whether 2FA is active or inactive. You can then set 2FA roles as enabled or disabled. Some of the options you can choose, include: 

• Remembering device for 30 days 
• Require 2FA for XML-RPC call authentication 
• WooCommerce integration 
• Enable reCAPTCHA 
• Whitelist IPs to bypass 2FA and reCAPTCHA

The software lists a few plugins where you may have to adjust settings, such as Jetpack. 

Step 3: Test Logins

Have users test the login to ensure the verification codes arrive safely and the system works as intended. You can always go in and remove two-factor authentication as an administrator if things aren’t working properly. 

Pros and Cons of Using Two-Factor Authentication

As with any change to how you conduct business, 2FA has both pros and cons. 

Pros

• Compliant with GDPR and other regulations
• Protects your site from hackers
• Eliminates much of the fear of phishing attacks
• Adds peace of mind
• Easy to install and use

Cons

• Adds an extra step to an already busy schedule
• Users can get locked out if they don’t save backup codes or can’t access authentication methods
• May interfere with other plugins

Some sites benefit greatly from more security, such as e-commerce stores or financial institutions. Blogs and personal sites may find the process aggravating and unnecessary. Assess the amount of personal data you keep and how crucial it is to keep it secure before deciding whether 2FA is right for your website. 

All Sites Benefit From Enhanced Security

If you decide 2FA isn’t right for your needs, you can still enhance your security. Add a firewall, instruct users to be cautious about sharing login information and develop wise practices to keep hackers at bay. Many sites will benefit from this free and easy plugin, though. Give it a try. It’s free and if you don’t like it, you can always disable it and try something else.