• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Adding two-factor authentication to your website

Adding two-factor authentication to your website

2013-04-10 by Jason

Last week, WordPress.com introduced two-step authentication as an optional feature for WordPress.com blogs. It utilizes the Google Authenticator app for iPhone, Android, or Blackberry smartphones. If you don’t have a smartphone the secondary password can be sent to you in a text message, your phone being the “something you have”. For self-hosted WordPress sites, it was mentioned in the comments that the feature might come to WordPress.org blogs through the Jetpack bundled plugin. However, there are a few solutions already available to self-hosted WordPress sites and Drupal.

Two-step authentication and two-factor authentication. Are the differences just semantics? Standard security likes to summarize authentication factors as something you know (a password), something you have (a key or ID badge), and something you are (biometrics like fingerprints or retinal scans). The Google Authenticator app gives you a second factor with the something you have being your phone.

2sa

Google Authenticator is a popular one-time passcode generator because it works on many platforms (Android, iOS, and Blackberry) and Google has it implemented for use with Google accounts and other services like Dropbox and LastPass also utilize it.

You can implement Google Authenticator as a two-factor authentication to your self-hosted WordPress site using the Google Authenticator plugin. You install the plugin and go to your user profile within WordPress to configure Google Authenticator with your secret by scanning a QR code or entering it manually. With this plugin, you can configure an exception to allow XMLRPC connections so you can still use the Android/iOS WordPress apps though it does lessen the impact of implementing two-factor authentication a bit.

Drupal also has a Google Authenticator login module that allows you to boost the security of your Drupal website with two-factor authentication.

Back to WordPress, Google Authenticator isn’t the only option when it comes to implementing two factor authentication.

You can use the yubikey-plugin in order to make your WordPress site compatible with Yubikey USB tokens. The implementation can be configured per user.

yubikey

A little lower tech, another WordPress plugin called Perfect Paper Passwords which implements two-factor authentication a little differently using the Perfect Paper Passwords system by GRC. Your website generates a list of one-time passwords to use and provides you with a print-out of the passwords. As long as you keep that credit card-sized paper secure, you have implemented multi-factor authentication far cheaper than using a hardware-based token.

paper pwd

Each of these plugins add a third line below username and password where you can enter your one-time passcode. With the Perfect Paper Passwords system, it tells you which code it is looking for.

ppp wp login

Filed Under: Security and Privacy, Webmaster

Trending

  • Hidden Easter Eggs in Software and The Security Implications
    In Code, Media, Security and Privacy, Software
  • McAfee Anti-Spyware Can Prevent Deployment of Adobe Flash For IE
    In Security and Privacy, Software, System Administration, Tech Solutions
  • Windows 8 Action Center: Find and install an antispyware app online (Important)
    In Security and Privacy, Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Creating and editing views in phpMyAdmin Creating and editing views in phpMyAdmin
  • Configure Outlook to recurring appointments for the last weekday of the month Configure Outlook to recurring appointments for the last weekday of the month
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business
  • Benefits of End-To-End Testing That Will Match Company Expectations Benefits of End-To-End Testing That Will Match Company Expectations
  • 3 Key Features of Pets Health Monitoring Systems 3 Key Features of Pets Health Monitoring Systems
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers
  • Full guide on drawbacks and benefits of Node.js for making the perfect choice for your business

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in