What is 2-Factor Authentication (2FA)?

2-Factor authentication is where a user authenticates with a system using a secondary piece of known information.

Normally, most user permission systems have a username and a password.  This is single-factor authentication.

When you add a secondary element to this authentication system, you call it "2-Factor Authentication".

Some of the examples of 2-factor authentication are:

  • Email - where an email is sent to the user's registered email address for them to click a link and confirm their intent to log in.
  • Yubikey - where a user enters a One-Time-Password (OTP) generated by a Yubikey device.
  • SMS - where after logging in, a user receives a code by SMS to their registered phone.

The Shield Security plugin offers 4 different types of 2-factor authentication:

  1. Email - after you log in, you'll get an email sent to your account with a code / link to use to complete the login.
  2. Google Authenticator - you'll use an app that generates a random code which you use to log in.
  3. Yubikey - like the other two methods, but uses a hardware device that generates the code.
  4. Passkeys - users can register Passkeys & FIDO2-compatible devices to complete their WordPress login.

For more information about 2-factor authentication, read the blog article here.