You know when you log in to Facebook and it asks if you want to add a further layer of protection by adding an authentication process and you ignore it because you think ‘No thanks, I just want to snoop on Aunt Mel and her baby drama’?
Facebook is actually trying to get you to do a good thing - I know that’s a surprise to me too, but it’s true. It might seem like yet another ploy to make you wait for the gossip, but it means your very private conversations with Aunt Emma about Aunt Mel can stay a secret - and let’s be honest, your family doesn’t need those conversations becoming public knowledge.
Let me trackback… Two-factor authentication is the name given to the process of adding an extra layer of security to your login, be it receiving a confirmation email of your recent login attempt, or a text message, or an app notification.
Two-factor authentication (or 2FA) is designed to keep your data secure and unwanted snoops out of your accounts. A lot of companies have adopted the technology in recent years, and encourage users to take it on, for the sake of an extra 30-45 seconds during the login process, but a lot of users haven’t adopted it.
When it comes to making sure your website is secure - although I’d also be tempted to secure those gossip-filled Facebook chats too - there is nothing more important than adding as many ways to minimise hacking attempts as possible.
2FA is a really straightforward and strong, secure way of doing this.
2FA for WordPress can prevent unwanted password requests from unknown sources, account blocking, wp-admin scripting and more. There is no secret about issues regarding WordPress security, which have rumbled on for years, and 2FA won’t eliminate all security risks, but it will go a huge way to preventing website hacks via traditional and not-so-traditional means.
Insecure or stolen passwords account for 81% of website attacks according to a security report from Panda.
When you have 2FA in place you can customise authentication to your requirements, so it can be enforced for specific users, or all users, to suit your team’s requirements.
Authentication can come in various forms, as previously mentioned, so you can receive email authentication or app authentication - these are the two most reliable forms of authenticity.
App authentication requires users to download an app and scan a QR code, once completed the code refreshes every 30 seconds and needs to be inserted once the user has tried to log in. False authentications are notified by the plugin. Email authentication relies on email deliverability and reliability, and there are some risks in case someone accesses your emails, but this can largely be avoided by maintaining different, regularly updated, secure passwords for all of your accounts.
All of Thrive’s clients are offered websites with extremely secure passwords, to minimise the risk of this, but even with 2FA it’s not impossible to prevent, but having 2FA can massively reduce the risk as it makes the task so much harder for hackers that they are more likely to move on to an easier target - a site that isn’t two-factor authenticated.
If you are interested in finding out more about 2FA or for some advice about how to maintain and keep your WordPress website secure, please contact our team on 01327 778786 or hello@thriveability.co.uk.