What is Two-factor Authentication?
Authentication - the process of verifying your identity - boils down to one of three simple elements:
- Something the user knows (PIN, password)
- Something the user owns (mobile phone, device)
- Something the user is (biometric, retina, fingerprint)
Two-factor Authentication (2FA) is a combination of any two of these unique identifiers.
How does our 2FA plugin work?
With
Fortytwo’s 2FA WordPress plugin, the user only requires the username and password to login to their site (as per any standard login sequence) and a mobile phone to receive the one-time authentication code via SMS.
Our plugin is fully customisable and can be adapted to meet your specific needs, for example, you can assign 2FA to certain users depending on their specific administrative roles in Wordpress and disable 2FA for users when they are using a known or ‘trusted’ device for a specific period of time. Fortytwo’s Wordpress 2FA plugin offers the unique advantage of providing a highly customisable authentication process for users and provides an additional level of security when and as required.
What features does it include?
Fortytwo’s WordPress plugin comes with a myriad of features including the option to:
- activate or disable 2FA for registration and/or login allowing the user to login using a username, password and 2FA or just a username and password
- activate 2FA for login according to the user’s role in WordPress, for example, you can disable 2FA for certain users such as subscribers while maintaining 2FA for users with critical roles
- Activate 2FA as optional or mandatory option for users, so you can give to your user the option to activate 2FA or force the option by default.
- assign ‘trusted’ devices to specific users allowing the user - after their initial 2FA login - to validate their devices as ‘trusted’ for a specific time period, assigned by them in the settings. This option ensures that users aren’t required to enter an authentication code repeatedly with an assigned trusted device, after the initial 2FA login
- resend the authentication code after registration if the SMS was not received - this allows the user to request the authentication code after 60 seconds and/or change his phone number in the event that an incorrect phone number was submitted
- resend the authentication code after login if the SMS was not received - this allows the user to request the authentication code again after 60 seconds - this re-send option can also be disabled in the settings
- to customize the behavior of the 2FA as documented on the API including changes to the authentication code length and type (numeric, alpha or alphanumeric), case sensitive validation, options to log a response via a callback URL and customise sender ID ‘s visible to the users
Fortytwo’s 2FA Wordpress plugin supports 2FA for all Smart phones (iPhone, Android, BlackBerry), as well as basic phones.
Why use Fortytwo’s WordPress plugin?
- Security Incorporating 2FA in to the user login process, creates a level of protection and security for your WordPress site that complex passwords can no longer guarantee
- Customised functionality This is our first version of the plugin and we’re keenly interested in your feedback.
If there is additional functionality that you would you like to see, please let us know - we are happy to work on developing features to meet your specific requirements and endeavor to implement this in as short a time-frame as possible.
Installing "Fortytwo Two Factor Authentication plugin" can be done either by searching for "Fortytwo Two Factor Authentication" via the "Plugins > Add New" screen in your WordPress dashboard, or by using the following steps:
- Download the plugin via WordPress.org
- Upload the ZIP file through the 'Plugins > Add New > Upload' screen in your WordPress dashboard
- Activate the plugin through the 'Plugins' menu in WordPress