WordPress, Joomla and Drupal users recently received some disappointing news as one of the most popular two-factor authentication solutions, Clef, announced that they are shutting down their operations on June 6, 2017.
What Is Two-Factor Authentication?
Two-factor authentication offers an extra layer of security in addition to the traditional username and password method of logging into an account. This makes it more difficult for hackers to gain unauthorized access to user accounts. You’ve likely used two-factor authentication and may not even have realized it. Anytime you are required to enter a pin or answer a security question (like your mother’s maiden name) when logging into an account, you are using a form of two-factor authentication.
Many solutions will send a one-time passcode to the user’s smartphone that is required to log into the account. This means that even if a hacker is able to crack the username and password, they will be unable to log into the account without access to the user’s smartphone.
In recent years, solutions like Clef have taken two-factor authentication security measures to another level. Clef was particularly popular because all you needed to do to log into your site was open the Clef mobile app and use your phones camera to sync up with the Clef Wave animation found on your computer.
Even though Clef was a popular two-factor solution, particularly for WordPress, there are plenty of alternatives to consider.
Setting up Duo two-factor authentication for your site only takes only a few minutes to. All you need to do is sign up for the Duo service and install the plugin on your site. Duo offers both one-tap authentication through the use of Duo’s mobile app as well as one-time passcodes.
Authy is designed to make security especially easy, even for users who are running their first WordPress site. They know that security shouldn’t be painful. Authy provides you with a security token through text messaging or by a phone call. Use this code, in addition to your username and password, to log into your account.
miniOrange may be one of the more flexible two-factor security solutions available. It supports one-time SMS passcodes, push notifications and mobile authentication. miniOrange offers a free plan as well as more advanced plans with additional features and support.
Rublon is a popular solution thanks in part to offering authentication via email, in addition to the traditional phone option. Just scan the Rublon code generated on your login screen with your phone to confirm your identity and access your account. Add Rublon to your site with ease with it’s 1-click download and 1-click activation.
The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail, Dropbox, Lastpass, Amazon etc. The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
If You need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure.
2FAS Light – Google Authenticator
SECURE YOUR WORDPRESS ADMINISTRATION AREA WITH 2FAS LIGHT PLUGIN.
Every time you log in to a WP-admin panel, 2FAS Light plugin checks if the device has already been trusted. In case the device has not been trusted, the user will be asked for a security code generated by Google Authenticator mobile app. 2FAS plugin also works with other mobile applications that generate tokens, such as: Microsoft Authenticator, Authy, Free OTP, 2STP, OTP Auth.
GET INSTANT PROTECTION AGAINST:
When undergoing a brute-force attack, your password can be discovered by the attacker. This is the only vulnerability you will experience with 2FAS Light. 2FAS’s Light intelligent security feature provides a finite amount of time in which the attacker access the correct token. After the access period has ended, the attacker is locked out for security reasons.
Many people use the same password or a similar password for many online services. Repeatedly used passwords remain are vulnerable in cyberspace. Using the 2FAS Light plugin on your WordPress site makes access without a 2FAS Light registered device very difficult.
PHISHING AND KEYLOGGER ATTACKS
If you’re not completely sure that the devices used by you or your subusers are completely free of keyloggers and viruses, then using 2FAS Light to protect your WordPress site from security breaches is a great solution!
Any password discovery attempt is useless with 2FAS Light. Without the token generated by your 2FAS Light, conventional access to your WordPress site is almost impossible.
How Safe Is Two-Factor Authentication?
You may have read about a few documented incidents where an SMS code can be intercepted. In reality, two-factor makes site attackers lives extremely difficult because they need to intercept your SMS code in addition to your username and password. That’s no easy task, nor should it be.
You’re welcome to view two-factor authentication as another layer of security. You can lump it in with important protocols like setting secure passwords as well as keeping both your site software and plugins up to date.
The Bottom Line
There will undoubtedly be new WordPress two-factor authentication options that will hit the market with the void left by Clef. The good news is that there are plenty of quality options available for your site.
While you may not like the first option or two as you try them, you’re bound to find one that works well for you. Remember, when you want a site that comes pre-configured with the best security settings, choose A2 Hosting and Their A2 Optimized WordPress setup.
Do you have a favorite two-factor authentication solution? Is there one we didn’t mention? We’d love to hear about it and for you to share it within the A2 Hosting community in the comments below!