Disappointingly, but not surprisingly, I’ve seen a large increase in the number of website hacking login lockouts in the past week. It’s only a matter of time before traditional lines of defence are beaten – that’s why I’m enforcing the really simple extra layer of Two-Factor Authentication (2FA or TFA) on client sites, now.
If you already have that in place, ponder what other accounts you manage or use that could benefit from this additional level of security.
Two-Factor Authentication is very simple to add and a painful block for hackers.
What is 2FA (or TFA)?
It puts a second layer of login authentication between you and your website, requiring a real-time unlock code. The code comes from a central server and is displayed on an authenticated device (like your smartphone). You enter it as part of logging in; the code is checked and, if valid, you proceed.
Why is it a pain for hackers?
The authenticated device (typically your phone) is rather unique to you, so unless they’ve hacked that and/or have your phone, it’s almost impossible to bypass.
Depends on what you’re trying to secure. For premium service accounts like Xero, Mailchimp, Amazon, Google and Facebook it’s there waiting for you. Using an app on your phone, you can link to that service for your second-level access code.
Your website? Depends on the CMS. WordPress, as an example, has many free plugins that work well. Google Authenticator and Two Factor Authentication are two I recommend for WordPress. Yes, it is a pain in the ass. More so for the hacker. Question is, how much do you value your data?