Two forms of authentication are better than one.
There are three ways to prove you’re authorized to access an online account:
- With something only you know (a password).
- With something only you have (a smartphone or a token).
- With who you are (a fingerprint or face scan).
Two-factor authentication – aka two-step authentication, aka 2FA – involves using a combination of the above factors. The most common example is entering a password (a thing you know) to log in and then having to verify your log-in attempt by entering a second, temporary code that is sent to your smartphone (a thing you have).
In that 2FA setup, a fraudulent user would need both your password and your smartphone, which makes your account many times more difficult to hack.
WordPress and 2FA
You should use 2FA for your WordPress account for the same reason you should use it on any other account: because it’s safer.
WordPress makes 2FA simple to configure with your mobile device so that you receive a notification on your smartphone each time you, or anyone else using your login, attempt to access your account with your username and password.
Businesses that want an extra layer of security can install a plugin that enables fingerprint-based 2FA, so that you are asked to perform a fingerprint scan instead of responding to a mobile-device notification with a passcode or other verification. RapID Secure Login and Keyy are examples of such plugins.
Why 2FA Is So Important
Most hacks start with password credential theft, and two forms of authentication are better than one when it comes to protecting your website and any user data from unauthorized access. Even if your password does get compromised, you’ll find out pretty quickly once you start receiving unsolicited login requests on your second factor.
Two-factor authentication is also valuable if you’re the type of person who uses the same password across multiple accounts. And let’s face it – most of us are guilty of that.