As mentioned on the Clef blog this week – the widely used two factor authentication tool will soon be closing down. The final closure date for Clef is set for June 6th and any users will need to have found an alternative before that date.
With over a million active users of the Clef WordPress plugin, we naturally have quite a few clients using this system on our WordPress hosting platform – and we wanted to take a brief moment to suggest a suitable alternative. At this time we’re recommending either of the two following plugins for WordPress two factor authentication:
Google Authenticator
Google Authenticator is a plugin, that uses the Google Authenticator app which is made by the good people at Google, this system is widely used around the Internet. Google Authenticator requires you use an app on your smart phone to generate a unique code. This code is then used with your admin password when you login to your WordPress dashboard.
Two Factor
Another option we recommend if you don’t want to use a phone app. If you use Yubikey (physical authentication), email, Google Authenticator, or other different authentication methods this is a great solution.
If you’re not already using such a system, you might be asking: what is two factor authentication? At its core, 2FA requires a user combine two components of identity in order to access a secure system. A great example of this is using a cash machine: you need both your physical card and also a pin number to access your account. Either is useless without the other. Someone trying to compromise your account would be unable to do so if they possessed only one of these. Two factor authentication makes security much harder to beat.
Take the same logic and apply it to your website, and you might begin to realise the problem – most users only have a password field between their sensitive site areas and would be attackers. If your password is broken or stolen, there’s nothing stopping hackers doing their worst. Imagine just having a cash machine card and no matching pin?
At 34SP.com we offer 2FA for our own control panel login should you wish to set it up. Hint: you should do this ASAP! By enabling 2FA on your account login you’re making the foundations of your overall security stronger. Remember, if someone can access your main 34SP.com login, they can edit your email details and with those, more than likely unlock every other security component you have in place.
For any advice on 2FA, simply contact our support team and we’ll be happy to advise.