Two-factor authentication on WordPress: What you need to know about 2FA
Two-factor authentication (2FA) provides an extra layer of data protection, is very easy to use, and is something everyone on the WordPress platform should use. That's according to Henning Hovland, Chief Technology Officer (CTO) at Dekode.

DATA SECURITY: You always lock your house and car, and you usually take precautions for storing passports, bank cards and other important documents. So why shouldn't you do the same with personal data on the internet?
Opens the information vault in 1-2-3
Relying on usernames and passwords as the only security mechanism leaves an account very vulnerable to several types of data attacks. The purpose of two-factor authentication is to add an extra layer of security. It stops many of these attack methods from working.
"Many users of computer systems use passwords that are very easy to guess. Dedicated computer programs are set up to test an infinite number of combinations. When the system has no limit to the number of failed login attempts, it's easy for unauthorized people to gain access. They open your information vault in 1-2-3," explains Henning Hovland, CTO of Dekode.

"Many people also use the same combination of usernames and passwords on several platforms, which means that unauthorized persons can gain access to a wealth of personal and sensitive data," says Hovland.
Buying information on the dark web
However, it's not just the person who hacks your password who gets to "enjoy" your information. In the worst-case scenario, your data can be traded in the dark corner of the internet - "the dark web".
"It's easy to access lists of email addresses with associated passwords on the 'dark web'. There, unauthorized persons simply download and buy lists of usernames and associated passwords," Hovland warns.
Major consequences
In other words, if you haven't activated two-factor authentication, you should do so as soon as possible, according to Hovland:
"Everyone should use 2FA to secure their accounts beyond the password they create themselves. If a user's password is hacked, it could have major consequences. It can expose data that could potentially be sensitive for the company you work for or for you as an individual. A typical example is identity theft or trade secrets going astray."
How to enable two-factor authentication
We recommend that all our customers implement two-factor authentication via WordPress' own "Two-Factor" plugin. Two-factor authentication can be implemented in several different ways, and "Two-Factor" supports several methods. We recommend that you choose either "Email" or "Time-limited one-time password". This is how each of them works:
Email
Users log into WordPress in the usual way with a username and password. However, an extra step is added where the user must enter a one-time code to log in. This one-time code is sent to the email address linked to the user account. Once the one-time code from the email has been entered, the user is logged in in the normal way. Activating this method does not require any configuration by individual users.
Time-limited one-time password
Users log into WordPress in the usual way with a username and password. However, an extra step is added where the user must enter a time-limited one-time password to log in.
This time-limited one-time password is automatically generated and is available in the time-limited one-time password app selected by the user. If the one-time password is entered before the time has expired, the user will be logged in as usual.
If you choose this solution, all users will be required to configure an app for time-limited one-time passwords the first time they log in. It is possible to use any app that supports the Time-Based One-Time Password (TOTP) standard. One of the most popular apps is "Google Authenticator". This app does not require any subscription or account and can be downloaded for free for Apple devices (iOS) and Android devices.
Since this strategy requires some effort from users, we recommend informing them about the new login procedure and suggesting which app they should use before implementing two-factor authentication.
Does your company or organization need a safe and reliable security system against data attacks? Then get in touch with us at [email protected].