Two-factor authentication on WordPress: What you need to know about 2FA

Two-factor authentication (2FA) provides an extra layer of data protection, is very easy to use, and is something everyone on the WordPress platform should use. That's according to CTO and Chief Technology Officer at Dekode, Henning Hovland.

Photo: Shutterstock

DATA SECURITY: You always lock your house and car, and you usually take precautions for storing passports, bank cards and other important documents. So why shouldn't you do the same with personal data on the internet?

Opens the information vault in 1-2-3

Usernames and passwords as the only security mechanism are a very vulnerable solution against several types of data attacks. The purpose of two-factor authentication is to add an extra layer of security. It stops many of the different methods of attack from working. 

- Many users of computer systems use passwords that are very easy to guess. Dedicated computer programs are set up to test an infinite number of combinations. When the system has no limit to the number of failed login attempts, it's easy for unauthorized people to gain access. They open your information vault in 1-2-3," explains Henning Hovland, CTO of Dekode.  

Your information can be traded on the "dark web"

Henning Hovland, CTO of Dekode
Henning Hovland, CTO of Dekode

- Many people also use the same combination of usernames and passwords on several platforms, which means that unauthorized persons can gain access to a wealth of personal and sensitive data," says Hovland.

Buying information on the dark web

However, it's not just the person who hacks your password who gets to "enjoy" your information. In the worst case scenario, your data can be traded on the dark corner of the internet - "the dark web".

- It's easy to access lists of email addresses with associated passwords on the "dark web". There, unauthorized persons simply download and buy lists of usernames and associated passwords," Hovland warns.

Major consequences

In other words, if you haven't activated two-factor authentication, you should do so as soon as possible, according to Hovland:

- Everyone should use 2FA to secure their accounts beyond the password they create themselves. If a user's password is hacked, it could have major consequences. It can expose data that could potentially be sensitive for the company you work for or for you as an individual. A typical example is identity theft or trade secrets going astray.

How to enable two-factor authentication

We recommend that all our customers implement two-factor authentication via WordPress' own "Two-Factor" extension. Two-factor authentication can be implemented in several different ways, and "Two-Factor" supports several methods. We recommend that you choose either "Email" or "Time-limited one-time password". This is how it works:

Does your company or organization need a safe and reliable security system against data attacks? Then get in touch with us at [email protected].