Two-factor authentication is being implemented in more and more online services such as social networks to improve security and prevent impersonation.
Dual authentication to increase security in WordPress
The benefits of using two-factor authentication are manifold:
- Layer of security. It provides a layer of security against possible password attacks. It performs double authentication, so it verifies the user in a more definitive way.
- Increases productivity and flexibility. It allows users to use corporate applications thanks to the increased security it offers.
- Reduces fraud and creates secure online connections.
Does that mean I’m safe with two-step verification?
No. By definition, no network-connected system is 100% secure. However, two-step verification reduces the risk of data theft by adding an additional level of security.
Multi-factor authentication identifies the user based on three principles:
- Something I have: mobile, FIDO device.
- Something I know: password.
- Something I am: fingerprint, facial recognition, etc.
Therefore, this security layer is also highly recommended for our WordPress websites, considering that we manage networks of sites, websites with user information, and sales in online stores. Javier Casares makes this recommendation often, and hence I set about securing our logins.
To do this, you need to use this plugin:
It allows you to perform double authentication with the following methods, based on "something I have":
- Email.
- Time-based one-time password (TOTP).
- FIDO U2F security keys.
- Backup verification codes.
The simplest is the email one, but it is tedious because it makes you check your email every time you want to log in.
The one I recommend is the time-based TOTP, which you can use with different applications such as:
- Google Authenticator
- Microsoft Authenticator
- LastPass
- 1Password
Until now I was using the Google option, but it also meant I had to go to my mobile, look up the codes and enter them by hand.
2FA option with 1Password and WordPress
This is the option I’ve managed to make fast and secure.
We’ve got this option for you.
Once we have installed the Two Factor plugin, we need to edit the user profile to activate the different 2FA options. In this case, I use the second one, which is the one-time password.
The QR code is used so that our password-generator app can link to our website (relax, the QR code I show on my website is not that one … hehe).
If we use 1Password, in addition to the normal password we can add the one-time password, as seen below under "add more" when editing the password entry.
Then, we scan the QR code from 1Password:
Once we save the one-time password option, we have the password generator available:
And we are left with a very simple configuration, which is why I decided on this system. We log in to the web page:
And in the next step, 1Password enters the generated password, making it very easy and fast. You no longer have to go to a different device and you keep the two-factor authentication.
This system is the one I have implemented from now on. If we think about it, it would even be triple authentication, counting the fact that 1Password itself is unlocked using a fingerprint.
I have a very good idea.
From now on, you should take this into account, especially for online stores and websites with a lot of traffic. Think about what someone could do if they got into your site in administrator mode… like changing the payment method, etc.
What method do you use?