2FAS – Two Factor Authentication

Description

Secure your WordPress Administration area with 2FAS plugin

Each time you log in to the WordPress admin area, you will be requested by the system to provide an additional way of authentication in the form of TOTP codes.
To secure your mobile phone from loss or apps being deleted, you can generate a list of once-off backup codes, or pin a credit card to the system, and receive codes via SMS or VMS.

2FAS is available to all users as soon as it’s installed and registered. Registration is needed because the 2FAS plugin communicates with the powerful 2FAS API. That gives an opportunity to make authentications, send text messages, make automated voice calls and many more.

If you use 2FAS Authenticator app, the verification of stage 2 can be carried out by confirming the login on the phone without the need to re-type the token in the browser (push authentication).

2FAS uses industry standard TOTP tokens, the same kind used by:
– Google Authenticator
– Microsoft Authenticator
– Authy
– FreeOTP
– and many others…

We use third party services to make this plugin work:
https://2fas.com – for authentication requests and communication with a mobile app
https://pusher.com – for a realtime feedback in a browser

Get instant protection against:

Brute-force attacks

When undergoing a brute-force attack, your password can be discovered by the attacker. This is the only vulnerability you will experience with 2FAS. 2FAS’s intelligent security feature provides a finite amount of time in which the attacker access the correct token. After the access period has ended, the attacker is locked out for security reasons.

WordPress takeovers

Many people use the same password or a similar password for many online services. Repeatedly used passwords remain are vulnerable in cyberspace. Using the 2FAS plugin on your WordPress site makes access without a 2FAS registered device very difficult.

Phishing and keylogger attacks

If you’re not completely sure that the devices used by you or your sub-users are completely free of keyloggers and viruses, then using 2FAS to protect your WordPress site from security breaches is a great solution!

Any password discovery attempt is useless with 2FAS. Without the token generated by your 2FAS, conventional access to your WordPress site is almost impossible.

Support

For more information check out our website at https://2fas.com

If you need our support, please contact us at support@2fas.com

Screenshots

  • The first step of the login process — providing the login and the password.
  • The second step of the login process — providing the token on an untrusted device.
  • Configuring the two-factor authentication in the 2FAS plugin.
  • Google Authenticator can be used in the login process.

Installation

  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS” and click the “Install Now” button.
  4. When 2FAS successfully installs, click the “Activate Plugin” link.
  5. Go to the 2FAS (2FAS Admin) menu option and click on the “Sign Up” button.
  6. Follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  7. That’s it! Now your WordPress administration area is protected by 2FAS.

Plugin requirements:

  • PHP 5.3.3 or newer (PHP 7 is recommended)
  • PHP extensions: cURL, GD, Multibyte String and OpenSSL
  • WordPress 3.6 or newer (WordPress 4.9 is recommended)
  • JavaScript enabled

Important notice: 2FAS plugin is not compatible with multisite mode.

If you have any problems with the installation, please contact us at support@2fas.com

FAQ

Installation Instructions
  1. Log in to your WordPress administration area and go to the “Plugins” menu option on the left side.
  2. Click the “Add New” button at the top of the page.
  3. Search for “2FAS” and click the “Install Now” button.
  4. When 2FAS successfully installs, click the “Activate Plugin” link.
  5. Go to the 2FAS (2FAS Admin) menu option and click on the “Sign Up” button.
  6. Follow the steps of the plugin wizard (scan the QR code and provide your token in order to verify it).
  7. That’s it! Now your WordPress administration area is protected by 2FAS.

Plugin requirements:

  • PHP 5.3.3 or newer (PHP 7 is recommended)
  • PHP extensions: cURL, GD, Multibyte String and OpenSSL
  • WordPress 3.6 or newer (WordPress 4.9 is recommended)
  • JavaScript enabled

Important notice: 2FAS plugin is not compatible with multisite mode.

If you have any problems with the installation, please contact us at support@2fas.com

Why do I need the 2FAS plugin?

If you’re not completely sure your devices or ones used by your sub-users are completely free of keyloggers and viruses, then it is a great solution.
Without the token generated by your smartphone, any password discovery attempt will be useless with 2FAS plugin.

Do I need to enter a token each time I log in to the WordPress admin?

No, it is not necessary. The 2FAS plugin determines whether or not the user is required to enter a token as an additional form of authentication.

What do I need to do to start using the 2FAS plugin?

The most common way to use the 2FAS plugin is to configure your smartphone to generate tokens. We recommend installing 2FAS Authenticator but you can download any Time-based One-time Password (TOTP) app (e.g. Google Authenticator, Authy, FreeOTP, etc.).

2FAS Authenticator app largely speeds up the verification process and makes it much more convenient, as it enables you to log in by one click on your mobile, without the need of retyping the code.

Can I use a browser extension instead of my smartphone to generate tokens?

Yes, you can; however, it isn’t as safe as using your smartphone.
The main idea of the two-factor authentication is based on using different devices or channels, which can verify a user. When you are using a browser extension, then you are not protected from malware or viruses, which can catch your token.

What methods can I use as a second factor?

In general, our plugin offers four authentication methods: TOTP app, offline code, text message, and an automated voice call. TOTP is the primary method and the other are backup methods. You can use them if you don’t have access to a mobile application.

Is it free?

It is completely free if you’re using tokens (TOTP, e.g. for Google Authenticator app).
If you’d like to use text messaging or voice call, you need to create an account at 2fas.com and see our pricing, since prices vary depending on cell phone carriers. We charge only for the messages that are sent (authentication).

What is your privacy policy?

2FAS plugin sends to our API data which is important to provide website security and high quality technical support. Below you can find what kind of data is being sent:
– Website URL with the name and version of the WordPress installation
– PHP version
– 2FAS plugin version
– Browser name

This data is necessary in order to provide technical support.

Reviews

Does not work

Could not get a dual auth login to show once activated, account created and a CC added to allow the SMS to work.

Really good one

This one seems to be new on the market. I’ve tested few and this one is pretty good working.
I’m giving 5 stars for the good start. Good job guys!

Read all 7 reviews

Contributors & Developers

“2FAS – Two Factor Authentication” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

2.2.0 (Aug. 6, 2018)

  • Administrator can obligate users to use two-factor authentication
  • Fixed trusted device deletion button