When my smartphone crashed in January 2019, I quickly discovered the issues involved with having a two-factor authentication method that only sent info to an app on my smartphone.
Since my phone wasn’t working, I couldn’t access many accounts as well as WordPress websites where I depended on authentication from a mobile app.
Argh!
Luckily I had access to web host accounts where I could disable the two-factor authentication plugin.
It was frustrating and time-consuming to work through all the changes.
After I replaced my smartphone, I searched for alternative two-factor or multi-factor authentication options that didn’t rely on mobile app authentication.
My requirements:
- Easy to use and configure
- Multiple options for authentication
- Primary and secondary authentication options
- Security key authentication option
- Backup codes
- Users can choose which authentication method to use
I reviewed about a dozen options before I discovered the plugin that fit my requirements.
Two-Factor
For anyone looking for an easy-to-use, customizable two-factor or multi-factor plugin to protect their WordPress website, the Two-Factor plugin is an option to consider.
The Two-Factor plugin offers:
- Email codes
- Time-Based One-Time Passwords (TOTP) using Google Authenticator
- FIDO Universal 2nd Factor (U2F)
- 10 Backup Codes for each user account
- Dummy Method (available for testing purposes)
The plugin is free and has a five-star rating in the WordPress plugin repository.
As of November 18, 2019, the plugin has been translated into 16 languages.
Why I Like It
It’s been 11 months since I started using Two-Factor for authentication on WordPress sites and it’s effortless to use. That’s the kind of plugin I love!
I want quick access to my site and the client WordPress sites I create and manage.
Since Two-Factor is customizable for individual users (under their profile), each user can choose which method they want to use for authentication.
The ability to set up a primary and secondary method for authentication is helpful when your first authentication method isn’t working.
In addition, generating the one-time backup codes is quick and easy.
The plugin generates 10 backup codes at a time. Reminder: store them in a safe place.
How the Plugin Works
Once you’ve installed Two-Factor, you’ll find a new Two-Factor Options section added to your User Profile in the Dashboard under Users > Your Profile.
Select which options you want to enable, and choose which of the options will be your primary authentication method.
If you choose to use a Security Key, you’ll need to register your keys.
Be certain to pay attention to which methods you mark Enabled and Primary. Select Update Profile to save your choices.
Summary
The Two-Factor plugin is one of my go-to plugins for WordPress sites. I like that it’s not dependent on a mobile app and that it provides users choices as to what authentication method they want to use.
Knowing that it is easy to configure, regularly updated, and maintained by several developers who regularly contribute to core WordPress puts my mind at ease.
Have you used the Two-Factor plugin? If yes, share your experience and tell me what you like best about the plugin in the comments.