It’s primarily been driven by the adoption of “soft tokens”: standard software that runs on any phone and generates unique numbers used as another layer of security for your login process.
Big companies like Google, Microsoft and others have this as an option, but WordPress does not include it by default. Instead, you can install it with a plugin.
There are several options to choose from in the plugin directory, but I’ve chosen Two Factor Authentication, primarily because it works well and has a reasonable set of features in the free edition.
Installation is the standard WordPress plugin install, and after that a user can activate it by selecting the “Two Factor Auth” menu in the WordPress admin backend.
You can use the QR code to set up your phone with the account, and after that you’re good to go. Using the Microsoft or Google Authenticator apps on your phone (or several others that are available) makes managing your second factor easy and quick.
The plugin integrates with most major login plugins (like Theme My Login) and works well.
If there is a downside to it, it is that some of the features are only in the paid edition, for example recovery codes and compulsory usage for roles. However, for the vast majority of sites this won’t be an issue.
The only other downside is that the upgrade to the premium version is a little expensive at £19 (about $33 Canadian at the moment) for a small or personal site.
Beyond that, I certainly recommend it and have been using it on several of my sites (including JumbleCat of course) for a few months now.