• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Adding two-factor authentication to your website

Adding two-factor authentication to your website

2013-04-10 by Jason

Last week, WordPress.com introduced two-step authentication as an optional feature for WordPress.com blogs. It utilizes the Google Authenticator app for iPhone, Android, or Blackberry smartphones. If you don’t have a smartphone the secondary password can be sent to you in a text message, your phone being the “something you have”. For self-hosted WordPress sites, it was mentioned in the comments that the feature might come to WordPress.org blogs through the Jetpack bundled plugin. However, there are a few solutions already available to self-hosted WordPress sites and Drupal.

Two-step authentication and two-factor authentication. Are the differences just semantics? Standard security likes to summarize authentication factors as something you know (a password), something you have (a key or ID badge), and something you are (biometrics like fingerprints or retinal scans). The Google Authenticator app gives you a second factor with the something you have being your phone.

2sa

Google Authenticator is a popular one-time passcode generator because it works on many platforms (Android, iOS, and Blackberry) and Google has it implemented for use with Google accounts and other services like Dropbox and LastPass also utilize it.

You can implement Google Authenticator as a two-factor authentication to your self-hosted WordPress site using the Google Authenticator plugin. You install the plugin and go to your user profile within WordPress to configure Google Authenticator with your secret by scanning a QR code or entering it manually. With this plugin, you can configure an exception to allow XMLRPC connections so you can still use the Android/iOS WordPress apps though it does lessen the impact of implementing two-factor authentication a bit.

Drupal also has a Google Authenticator login module that allows you to boost the security of your Drupal website with two-factor authentication.

Back to WordPress, Google Authenticator isn’t the only option when it comes to implementing two factor authentication.

You can use the yubikey-plugin in order to make your WordPress site compatible with Yubikey USB tokens. The implementation can be configured per user.

yubikey

A little lower tech, another WordPress plugin called Perfect Paper Passwords which implements two-factor authentication a little differently using the Perfect Paper Passwords system by GRC. Your website generates a list of one-time passwords to use and provides you with a print-out of the passwords. As long as you keep that credit card-sized paper secure, you have implemented multi-factor authentication far cheaper than using a hardware-based token.

paper pwd

Each of these plugins add a third line below username and password where you can enter your one-time passcode. With the Perfect Paper Passwords system, it tells you which code it is looking for.

ppp wp login

Filed Under: Security and Privacy, Webmaster

Trending

  • Greener Electronics
    In Going Green, Hardware, Gadgets, and Products, Media
  • Sophos Threatsaurus makes malware and other threats easy to understand
    In Security and Privacy
  • A Rant on Cyber-Bullying or ‘They’re 11. You, the Parent, Take Responsibility!’
    In Media, Security and Privacy, Software, Talking Points

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • Access to the resource [servershare] has been disallowed Access to the resource [servershare] has been disallowed
  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in