Secure your WordPress site with Two-Factor Authentication

April 26, 2016

blogwordpress

Fortytwo have developed a fully customisable WordPress plugin to add Two-factor Authentication (2FA) to your WordPress site. 2FA is a powerful way of increasing security by simply adding a layer of authentication to the standard login credentials.

What is 2FA?

Authentication – the process of verifying your identity – boils down to one of three simple elements:

  • Something the user knows (PIN, password)
  • Something the user owns (mobile phone, device)
  • Something the user is (biometric, retina, fingerprint)

2FA is a combination of any two of these unique identifiers and typically involves something the user knows and something the user owns.

How does our 2FA plugin work?

With Fortytwo’s 2FA WordPress plugin, the user simply requires the username and password to login to their site (as per any standard login sequence) and a mobile phone to receive the one-time pass code via SMS.

Our plugin is fully customisable and can be adapted to meet your specific needs, for example, you can assign 2FA to certain users depending on their specific administrative roles in WordPress and disable 2FA for users when they are using a known or ‘trusted’ device for a specific period of time. Fortytwo’s WordPress 2FA plugin offers the unique advantage of providing a highly customisable authentication process for users and provides an additional level of security when and as required.

What features does it include?

Fortytwo’s WordPress plugin comes with a myriad of features including the option to:

  • activate or disable 2FA for registration and/or login allowing the user to login using a username, password and 2FA or just a username and password
  • activate 2FA for login according to the user’s role in WordPress, for example, you can disable 2FA for certain users such as subscribers while maintaining 2FA for users with critical roles
  • assign ‘trusted’ devices to specific users allowing the user – after their initial 2FA login –  to validate their devices as ‘trusted’ for a specific time period, assigned by them in the settings. This option ensures that users aren’t required to enter an authentication code repeatedly with an assigned trusted device, after the initial 2FA login
  • resend the authentication code after registration if the SMS was not received – this allows the user to request the authentication code after 60 seconds and/or change his phone number in the event that an incorrect phone number was submitted
  • resend the authentication code after login if the SMS was not received – this allows the user to request the authentication code again after 60 seconds – this re-send option can also be disabled in the settings
  • to customize the behavior of the 2FA as documented on the API including changes to the authentication code length and type (numeric, alpha or alphanumeric), case sensitive validation, options to log a response via a callback URL and customise sender ID ‘s visible to the users

Why use Fortytwo’s WordPress plugin?

  • Security
    Incorporating 2FA in to the user login process, creates a level of protection and security for your WordPress site that complex passwords can no longer guarantee
  • Customised functionality
    This is our first version of the plugin and we’re keenly interested in your feedback. If there is additional functionality that you would you like to see, please let us know – we are happy to work on developing features to meet your specific requirements and endeavor to implement this in as short a time-frame as possible.

Is my device supported?

Fortytwo’s 2FA WordPress plugin supports 2FA for all Smart phones (iPhone, Android, BlackBerry), as well as basic phones.

How do I get Fortytwo’s 2FA WordPress plugin?
Find out how to install the WordPress plugin from the WordPress site here.

For more information about Two-Factor authentication and what Fortytwo can do for you, please contact our dedicated team at sales@fortytwo.com

 

Tweet about this on TwitterShare on Facebook20Share on Google+0Share on LinkedIn0Email this to someone