In your recent day-to-day activities, you may have noticed that sites such as Facebook, Twitter, PayPal, and Google now give you the ability to add two-factor authentication when logging in. This isn’t a coincidence.
Two-factor authentication is an increasingly important security protocol that better protects your privacy and data. Ideally, you should move to incorporate this technology into your business activities, such as logging into your WordPress site, as soon as possible.
But what is two-factor authentication? How does it work, and why should you start using it to protect your company’s most important assets?
What is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA), sometimes referred to as multi-factor authentication, is a method used to verify a user’s identity when trying to access an application, such as WordPress. In addition to your typical login credentials, 2FA requires you to provide an additional piece of information to confirm your identity.
In practical terms, you log in to your chosen application as usual before proceeding to the second step of confirming your identity. Once confirmed, then, and only then, are you granted access to the application.
Concerning that second piece of information, 2FA deliberately uses a changing or one-time code rather than something that cybercriminals could easily acquire, such as a mother’s maiden name. The process is hardened further because the code is delivered via something only the correct person should have in their possession, such as a mobile phone.
Increasingly, biometric data, such as fingerprints and facial recognition, are being used to confirm identities since they are unique to each individual and impossible to hack.
How Does it Work?
Once set up, you head over to the login page of the application in question and log in as normal. Then, depending on the specific options you have configured, you will likely be met by a 2FA screen that will prompt you to enter the information required to confirm your identity.
In most cases, this will be a code that can be sent via SMS, email, or acquired by using specifically designed software such as the Google Authenticator app, which has codes on consistent rotation. In other cases, you may use your phone to enter a fingerprint or facial scan.
Why Should You Start Using Two-Factor Authentication?
It may seem obvious, but you should implement it to improve the security protecting your company’s most critical assets.
To give you an example, when was the last time you saw an expensive jeweller selling diamonds and high-end watches secure them with a lock and key? Modern-day jewellery stores are protected by motion sensors, under-counter triggers, locked vestibules, fake diamonds, and fingerprint-activated safes, to name just a few of the available measures.
And yet, many business owners are willing to leave their company website, worth thousands of pounds, secured by a mere username and password.
What’s even more worrying is that these username and password combinations are easily hacked. Technology enables hackers to test billions of password combinations per second (called brute force or DDoS attacks), exposing 90% of all passwords.
Facebook realised this when they discovered that there were close to 600,000 attempts to acquire users’ personal information using stolen passwords taking place every day. That was a decade ago. Today, that number is likely in the millions, given how much technology has advanced since then.
So to protect the hours and money spent on adding blog content, improving search engine performance, and earning sales (in the case of e-commerce), you need to implement 2FA protocols as a matter of urgency.
How to Add 2FA to Your Business Website
The good news is that this incredibly effective layer of security is relatively easy to set up. If you are using WordPress, you can set up 2FA login requirements from the “Security” tab of your WordPress dashboard and follow these instructions from there. Alternatively, you can configure your site’s 2FA settings by installing a plugin such as WP 2FA.
Whichever way you set up your 2FA protocols, we would recommend using an authenticator app as your method of identity confirmation, as it’s more secure than an email or SMS code that could be intercepted.
Another measure we would recommend is switching up your WordPress login URL. WordPress sites are an easy target for hackers because they all usually have the /wp-admin URL extension for the login page. Once they’ve arrived, they can begin running scripts to try and gain entry to your site.
Just the mere act of changing your URL can force them to give up and move on to easier targets. Committed hackers may remain committed to uncovering your login URL, but most will give up at this first hurdle. If you’re wondering how to change your login URL, read this useful tutorial.
Bolster Your Website Security with McGinn & Dolphin
Your business website is one of your most valuable assets, so don’t leave it protected by a mere username and password. Installing 2FA on your website, along with other mission-critical applications, ensures that your data is protected.
If that seems like a complex task, we can take care of all of your backend security to ensure that you avoid ending up on the wrong end of a devastating hacking attack. With our monthly website maintenance packages, we perform regular security scans, keep all plugins updated, and ensure that there are no security weaknesses.
Why not get started with a complimentary website audit to uncover any potential security flaws? Book a discovery call today to schedule your appointment.