In order to better combat brute force login attempts and stolen passwords, WordPress needs a standardized-yet-extensible core system for providing opt-in Two-Factor Authentication to users. This, hopefully, is that system.
We are aiming to be ready to merge into Core in February of 2016, during the 4.5 release cycle.
For more history, see: http://stephanis.info/2013/08/14/two-cents-on-two-factor/
Active development is taking place on GitHub, at https://github.com/georgestephanis/two-factor/
Weekly meetings are Thursdays at 5pm Eastern Time in the #core-passwords channel on http://wordpress.slack.com/ — if you don’t have a Slack account, sign up at https://chat.wordpress.org/
Increasingly, admins are faced with password-cracking attempts and identity theft risks. In this regard, 2FA is a very much needed security plugin.
2FA management is integrated in WP’s user profile pages, and the options are presented in a clear and intuitive manner. The UI and UX feel like a breeze.
TOTP (time-based one-time password) works flawlessly with the FreeOTP app. FIDO U2F is tested to work with a YubiKey 4 and the Firefox browser with the U2F add-on (future versions of Firefox may integrate U2F in the browser itself). The Chrome browser should work with U2F too, without extensions.
It is strongly suggested that the user enable single-use backup verification codes and store them securely. Without the backup codes, loss of access to the second factor *will* lock you out. I believe this point could be stressed further in the UI.
Another minor suggestion in the UI is to disable the possibility of using backup codes as the primary 2FA option. Backup codes are not meant for daily use.
Overall, this is an excellent plugin.
Recently, Clef announced that they’re shutting down. It was one of the saddest pieces of news of the year 2017 for the WordPress community. After searching the WP repository for a replacement, I found out that most of them lack the simplicity of Clef. Most of the ones I tried worked well with the WP login page but redirected WooCommerce account holders to the WP login page instead of logging them in to the WooCommerce dashboard.
Just a few hours ago, I visited the Clef website to see if there were recommendations for a Clef replacement and voilà, I saw Two Factor as one of their recommendations. Ordinarily I would hardly install security plugins that have fewer than 3000 installs, but because the Clef team recommended it, and also having been frustrated with other two-factor authentication plugins, I decided to give it a try.
After installing and activating the plugin, everything came back to normal again without any special tweak. My WP login page is working as it should without the plugin interfering with the WooCommerce account. However, the only thing I missed is single login for all sites using Clef. Other than that, this is perfect.
I just hope this will be maintained in the long run. I’m switching all my sites and that of my clients over to this one.
Thanks for this simple but wonderful plugin.
Covers all the bases with email, TOTP, FIDO U2F and backup codes providing 2nd factor authentication when logging in with username/password.
Looks like a reference plugin but works great – it should be included in the standard WordPress build 🙂
Thanks for creating a great plugin! Can’t wait for this to come out of dev so I can start issuing U2F keys with my future sites 🙂
Nothing to say. Worx.
Has some features (like emergency codes) that are only available in paid versions of similar plugins. The only drawback – you really need to find out how to use the plugin on your own. Once it’s installed, you won’t see a separate menu or even a link in the admin area – you need to go to the Users section and click Edit User to see the plugin options.
Contributors & Developers
“Two-Factor” is open source software. The following people have contributed to this plugin.