2FAS — Two Factor Authentication

Description

Secure your WordPress Administration area with 2FAS plugin.

Each time you log in to the WordPress admin area, the system asks you for an additional form of authentication: a TOTP code.
To protect yourself against losing your mobile phone or deleting the app, you can generate a list of one-time backup codes, or attach a credit card to the system and receive codes via SMS or VMS.

2FAS is available to all users as soon as it’s installed and registered. Registration is needed because the 2FAS plugin communicates with the powerful 2FAS API, which makes it possible to perform authentications, send text messages, make automated voice calls and much more.

If you use the 2FAS Auth app, the second step of verification can be completed by confirming the login on the phone, without re-typing the token in the browser (push authentication).

2FAS uses industry standard TOTP tokens, the same kind used by:
– Google Authenticator
– Microsoft Authenticator
– Authy
– FreeOTP
– and many others…

We use third party services to make this plugin work:
https://2fas.com – for authentication requests and communication with a mobile app
https://pusher.com – for real-time feedback in the browser

Get instant protection against:

Brute-force attacks

During a brute-force attack, your password can be discovered by the attacker. This is the only vulnerability you will experience with 2FAS. 2FAS’s intelligent security feature provides a finite amount of time in which the attacker can access the correct token. After the access period has ended, the attacker is locked out for security reasons.

WordPress takeovers

Many people use the same password or a similar password for many online services. Reused passwords remain vulnerable in cyberspace. Using the 2FAS plugin on your WordPress site makes access without a 2FAS registered device very difficult.

Phishing and keylogger attacks

If you’re not completely sure that the devices used by you or your sub-users are completely free of keyloggers and viruses, then using 2FAS to protect your WordPress site from security breaches is a great solution!

Any password discovery attempt is useless with 2FAS. Without the token generated by your 2FAS, conventional access to your WordPress site is almost impossible.

Support

For more information check out our website at https://2fas.com

If you need our support, please contact us at support@2fas.com

Screenshots

  • The first step of the login process — providing the login and the password.
  • The second step of the login process — providing the token on an untrusted device.
  • Configuring the Two Factor Authentication in the 2FAS plugin.
  • Google Authenticator can be used in the login process.

Installation

  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS” and click the “Install Now” button.
  4. When 2FAS successfully installs, click the “Activate Plugin” link.
  5. Go to the 2FAS (2FAS Admin) menu option and click on the “Sign Up” button.
  6. Follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  7. That’s it! Now your WordPress administration area is protected by 2FAS.

Note that in order for our plugin to work you must have PHP 5.3 or newer, WordPress 3.6 or newer, the cURL extension and JavaScript enabled. These are minimum requirements. We recommend using at least PHP 5.6 and WordPress 4.0.

If you have any problems with the installation please contact us at support@2fas.com

FAQ

Why do I need the 2FAS plugin?

If you’re not completely sure your devices or ones used by your sub-users are completely free of keyloggers and viruses, then it is a great solution.
Without the token generated by your smartphone, any password discovery attempt will be useless with the 2FAS plugin.

Do I need to enter a token each time I log in to the WordPress admin?

No, it is not necessary. The 2FAS plugin determines whether or not the user is required to enter a token as an additional form of authentication.

What do I need to do to start using the 2FAS plugin?

The most common way to use the 2FAS plugin is to configure your smartphone to generate tokens. You can download any Time-based One-time Password (TOTP) app (e.g. Google Authenticator, Authy, FreeOTP, etc.).

Can I use a browser extension instead of my smartphone to generate tokens?

Yes, you can; however, it isn’t as safe as using your smartphone.
The main idea of two-factor authentication is to verify a user through different devices or channels. When you use a browser extension, you are not protected from malware or viruses that can capture your token.

What methods can I use as a second factor?

In general, our plugin offers three authentication methods: TOTP app, text message, and an automated voice call. You can choose any of them to generate the code during the second factor authentication.

Is it free?

It is completely free if you’re using tokens (TOTP, e.g. for Google Authenticator app).
If you’d like to use text messaging or voice call, you need to create an account at 2fas.com and see our pricing, since prices vary depending on cell phone carriers. We charge only for the messages that are sent (authentication).

Reviews

Does not work

Could not get a dual auth login to show once activated, account created and a CC added to allow the SMS to work.

Really good one

This one seems to be new on the market. I’ve tested a few and this one is working pretty well.
I’m giving 5 stars for the good start. Good job guys!

Contributors & Developers

“2FAS — Two Factor Authentication” is open source software.

Changelog

2.1.0 (Nov. 28, 2017)

  • Added mechanism for displaying update message when a new version of the plugin is available
  • Highlighted active plan on administrator’s settings page
  • Changed text in button for generating backup codes
  • Bug fixes

2.0.2 (Nov. 3, 2017)

  • Fixed compatibility issues with offline codes and menu icon on Firefox

2.0.1 (Oct. 16, 2017)

  • Fixed broken theme customization

2.0.0 (Aug. 30, 2017)

Important notice

This version is a major version. It significantly changes the flow of authentication.

Currently, you can only authenticate through TOTP (tokens) or push (2FAS Auth mobile app). Text messages and Voice Calls are only available as a backup method.

If you are using SMS or VMS as the main authentication method, please note that the plugin will be switched to legacy mode. As soon as you configure TOTP method or disable SMS/VMS method, the legacy mode is disabled.

  • Redesign
  • Added backup codes
  • Added logging in via 2FAS Auth mobile app (push notification)
  • SMS and VMS authentication methods became backup methods
  • Trusted device is not being added automatically anymore
  • Added compatibility with All In One WP Security & Firewall plugin’s feature which allows changing the login page URL