If you are a client of The Whit Group, you probably know that we build almost all websites in WordPress. It’s a feature-rich platform, but because of its huge market share it is a frequent target of hackers. Therefore, we provide all our hosting clients with a robust security solution via our WordPress Security Bundle. This bundle includes a two-factor authentication solution for all admin accounts on our client sites.
What Is 2-Factor Authentication?
If you are wondering what 2-factor authentication (2FA) is, don’t worry; you are not alone. However, you have probably already used it without realizing it. Does your bank send you a text message or an email with a code you need to enter when you try to access your account online? Or have you ever been asked to give your mother’s maiden name or favorite sports team when logging into a website? If so, then you are already familiar with the concept. In fact, almost every social media app in broad use today offers 2FA to its users.
Two-factor authentication is simply a process of confirming a person’s identity by requiring two methods of verification.
Why Is Two-Factor Authentication Important?
As hackers get more sophisticated, providing additional security measures to access private or confidential information has become a necessity. Technology is rapidly changing and the traditional means of accessing and securing accounts may one day become a thing of the past. In the meantime, it’s important to consider all measures that can mitigate risk to corporate and personal information being compromised. One of these measures is two-factor authentication.
When two methods of identity verification are required to access an online account, the risk of that account getting hacked falls tremendously.
How Does Two-Factor Authentication Work?
Two-factor authentication solutions require users to verify their identity by entering a verification code (typically a numerical code) that the user receives or generates when attempting to log in to an account. The user most often receives this verification code in one of three ways:
- Sent to them via SMS message
- Sent to them via email
- Generated and accessed via a 3rd party authenticator app on the user’s mobile device
Once the code is received or generated, the user enters it during the login process to verify their identity and is then granted account access. Without this code the account cannot be accessed, even if the user has the proper user ID and password.
What Setup Is Required?
As a client of The Whit Group, you have little to no setup to do on your side, as we handle this for you. In general, however, setting up 2FA is simple but varies based upon the application being used. For WordPress, there are plugins that can be leveraged to provide this functionality. Once installed, configuring the plugin requires 1) enabling the solution for each user account, 2) selecting the authentication method, and 3) providing the authentication details based on the selected method (i.e. phone number for SMS, email address for email, scanning of a QR code if using an authentication app).
Regarding the 3rd party authenticator app method, there are several apps in the market. The Google Authenticator app has been integrated in many 2FA solutions. It works by requiring a user to download the app to their mobile device, scan a barcode from within the app during the 2FA setup to associate the app to the website, and then use the app to generate verification codes each time the user wants to access their account. The nice thing about this solution is that it doesn’t require access to SMS or email to leverage it.
So What Do You Have To Do?
In summary, if we host your WordPress website there really isn’t much for you to do as we take care of the setup. However, in a broader sense, the importance of two-factor authentication has never been higher than it is right now. Whether it’s your personal email account, an online storage account, or any other service that offers 2FA, we strongly encourage you to take advantage of this security measure. As mentioned earlier, technologies are advancing that may one day render passwords a thing of the past. Until then, setting up 2FA is easy and is one more layer of protection for your personal information.