Two factor authentication (2FA) is an extremely strong security measure to keep bad guys, gals, and bots from hacking into my important accounts – WP admin, email, registrar, cPanel, and so on. And … I’m just not a fan.

That’s not to say I don’t use it. I use 2FA quite a bit, but only when other, more convenient security measures are not available. A bit of background on 2FA, courtesy of Wikipedia:

Multi-factor authentication (MFA) is a method of confirming a user’s claimed identity in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Two-factor authentication (also known as 2FA) is a type, or subset, of multi-factor authentication. It is a method of confirming users’ claimed identities by using a combination of two different factors: 1) something they know, 2) something they have, or 3) something they are.

A good example of two-factor authentication is the withdrawing of money from an ATM; only the correct combination of a bank card (something that the user possesses) and a PIN (something that the user knows) allows the transaction to be carried out.

In short, 2FA provides awesome security, as good as it gets for WP and other online logins. And I’m a big proponent of WP security, so I should absolutely love 2FA. But, we just haven’t bonded. Maybe it’s a cultural thing. I just don’t like that it depends on me always having my cell phone handy.

I’ve lost my cell phone twice in the past. First time, my phone popped off my day-pack while climbing the cables on Yosemite’s Half Dome, and fell roughly 5,000 feet to its doom. I’m still thankful I wasn’t on a call with my wife at the time. Second time – just being a dunderhead – left it behind when I exited a train. I also sometimes leave it at home when at work, or vice versa. I’m reliant on 2FA now, so I’m more careful with my phone. Still, no guarantee it will never be lost or stolen.

So, I wish all the accounts that are important to my WP security – admin login, cPanel, email, Cloudflare, host, registrar – provided security mechanisms less reliant on me not losing my phone. But not all do. So, gotta go 2FA. Still not a fan though.

A couple of lessons I learned the hard way …

  • If I use Google Authenticator – which I do – I will get a QR image to scan during the sign-up process. I need to remember to ***Save the image!*** Save it somewhere safe – encrypted maybe – but save it. I may very well need it later and I can’t find any way to regenerate it.
  • Install WinAuth on one or more laptops or PCs. So, if I leave my phone at work, I can still authenticate.

