Whenever you implement a security measure, you should also have some sort of fallback. You do not want to be compromised by the failure of a single component. When you manage a WordPress website, one of the most important aspects of security is authentication. There are several ways to harden authentication and improve the defence in depth of your WordPress login mechanism. One of them is to implement two-factor authentication (2FA).

Improving defense in depth with two-factor authentication

2FA uses two factors to log in. These factors are often grouped into a number of labels, for example:
- somewhere you are, like GPS-based authentication.
- something you do, like a swipe pattern password on a phone.

Note that 2FA is not as simple as just using any 2 things for authentication. For example, if you use 2 passwords to log in, that doesn't qualify as 2FA. Both fall into the same category of "something you know".

For more detailed information on how 2FA works, refer to how two-factor authentication works on WordPress. In this article we'll assume that you know what 2FA is, so we can show you how Google Authenticator works. We will also explain how, with a two-factor authentication plugin and the Google Authenticator app, you can easily set up 2FA on your WordPress website.

NOTE: The WP 2FA plugin for WordPress also supports Authy, FreeOTP and several other 2FA apps. So if you do not want to use Google Authenticator for WordPress 2FA, refer to the list of supported 2FA apps.

The Google Authenticator app: a crash course

Google Authenticator is an app built by Google. It provides the second factor alongside the password (the something you know) you use to log in to your website. It does so by using TOTP (Time-based One Time Password). TOTP is a variant of the HOTP (HMAC-based One Time Password) algorithm. Without getting too far into the weeds, HOTP differs from TOTP in this way: an HOTP password never expires until it is used, while a TOTP code expires within a certain time frame. In Google Authenticator the generated passwords last about 30 seconds. When you type in the correct password and the one-time code provided by the app, you successfully log in to your website.

How does your website know it is the correct one-time code?

Both the Google Authenticator app and the website start off with a common seed or secret. This secret can be either a string of characters you type in, or an input from your camera, for example by scanning a QR code. From there, the website's 2FA mechanism and the Google Authenticator app on your phone are in sync with one another. Therefore, to achieve 2FA with Google Authenticator, you must couple it with another factor, typically a password.

IMPORTANT: With 2FA you still need strong passwords

Just because you enable 2FA on your website, it doesn't mean you can brush off the other factor. Using the Google Authenticator app with a strong password makes it an effective 2FA solution. With a weak password, the 2nd factor becomes moot, essentially reducing you to one factor. If the one-time code is somehow compromised, or someone uses it within its 30 second window, the other factor (your password) can still protect you.

How to set up the Google Authenticator app for your WordPress 2FA

First install the Google Authenticator app on your smart device and the two-factor authentication plugin on your WordPress website. The app is available on both Google Play and the Apple App Store.

As for the plugin, install WP 2FA, an easy to use two-factor authentication plugin for WordPress. This plugin supports the following 2FA methods:
- TOTP (one-time code from the Google Authenticator app).
- Email codes (one-time code sent over email).

Setting up 2FA on your WordPress with the WP 2FA plugin

Once you install and activate the WordPress plugin WP 2FA, you are presented with a wizard that helps you set up two-factor authentication. From here, select the 1st factor method "One-time code generated with the Google Authenticator app". Basically, all you need to do is launch the Google Authenticator app on your phone. Then tap the add new website icon (the red circle with a white cross), and select Scan a barcode to scan the QR code you are presented with. That is it. Once you scan the QR code you will be asked to enter the one-time code for the first time. Now you have 2FA on your WordPress website and can generate one-time codes with the Google Authenticator app.

However, don't forget to generate some 2FA backup codes. It's always a good idea to select a secondary option here, otherwise if you ever lose access to your Google Authenticator app, your phone, etc. you will get locked out of your website. We recommend generating a list of backup codes, printing it, and storing it in a safe place.