While a strong password can help keep your account safe, it’s not a means to an end. With two-factor authentication, you can add an extra layer of security to any account that holds your personal information – as well as that of your customers.

Read on to find out about the importance of two-factor authentication for WordPress website hosting and email servers, what it is, how it works, the benefits of 2FA, and more.

What is two-factor authentication?

Two-factor authentication is a name for any login or entry system which requires two different methods of identifying yourself. It’s one of the most recommended security features for online accounts, and for good reason.

Having 2FA in place helps to protect your accounts from password brute-force attacks, social engineering, and phishing – which often pops up in emails – and secures your private logins against attackers who are looking to exploit lost, stolen or weak credentials.

You probably already have 2FA in place for your online banking account, but it can also be put in place for a whole host of other accounts, from email servers to WordPress hosting.

Why do email servers and WordPress sites need 2FA? 

Email servers and WordPress websites are highly sought-after by cybercriminals, primarily because they often house sensitive information. If they gain unauthorised access to an email server or website, they can reveal private communications, leak data, deface the site or even use it as a gateway for deeper network breaches.

As you can imagine, the consequences of this would be pretty ghastly. Plus, numerous industries are bound by compliance regulations that require succinct security protocols, such as multi-factor authentication to safeguard sensitive information. Neglecting to establish strong security measures can lead to hefty fines, legal issues, and damage to a business’s reputation.

This is what makes two-factor authentication so vital, as it introduces an extra verification step beyond just entering a password. This greatly diminishes the chances of unauthorised access, even in the unfortunate event that login details are leaked. 

Types of two-factor authentication

Many online services now offer two-factor authentication (2FA) as standard, and there are plenty of different methods to choose from.

1. Generating codes

The most popular method is by using an authenticator app to generate codes.

Using this method, once you’ve set up your app of choice (the most popular being Google Authenticator or Authy), you’ll be asked to enter an authentication code after filling in your password. These codes are based on the time, with an algorithm determining their outcome.

Both the website you’re logging into and the authenticator app know what the algorithm is, so they'll be able to determine if you’ve entered the correct code. This means this method will also work even if your mobile device is offline.

For older phones, most services also offer an option to text a verification code to a phone when a login attempt is made.

2. Biometrics

Another increasingly widespread option is the use of biometrics, such as fingerprint scanning. Modern smartphones often come equipped with a fingerprint scanner, so requiring a recognised print to be used when logging into a service can reduce unauthorised logins.

3. Physical keys

Physical keys such as Yubikey are another option for the security-conscious. They look like a USB stick, and are plugged into the device being used to log in as a form of authorisation.

4. SMS/Text Codes

One of the earliest (and often still widely used forms of 2FA) is receiving an SMS or text message code. When logging in, the user receives a one-time code via text message, which must be entered along with their password. This method is convenient as most people have access to a mobile phone, and is also accessible to those who may not operate with a smartphone or use modern-day apps.

How does 2FA work?

As we’ve already established, two-factor authentication enhances security by making users input two forms of verification from separate categories of credentials. 

Generally, the sign in process including 2FA will go something like this: 

  • You input your password
  • You put in some form of verification that’s sent to your phone or email (which would have been set up if you put your phone number in the 2FA set-up process)

This way, even if someone has your login details, you’ll receive an alert of an attempted sign-in. You can then take the steps to change your password to secure your account, and/or report your account has been compromised.

When to use two-factor authentication

The short answer: as much as you possibly can! Think of it like this – if you walk into your house and lock the door behind you, why not use the chain, too? It doesn’t take much extra effort, and if somebody manages to pick your lock, they’d still not be able to enter your house.

Ensure that your personal information and accounts are protected from unauthorised access through the use of 2FA.

Is two-factor authentication secure?

2FA relies on you having access to the device you’ve set it up on. It’s an extra layer of security on top of your primary login method – in most cases, a password. It’s the most sure-fire way of preventing access to your accounts in the case that someone gets hold of your password.

Another benefit of two-factor authentication is its convenience. While there could be a foolproof method to prevent unauthorised account access, it’s no use if it’s such a hassle that nobody decides to use it. As most people are likely to have a mobile device on hand when they need to log in to something, it’s no extra effort to enter the 2FA code.

With an authenticator app, the only way an unauthorised user can get into your account is if they have access to the device and the app itself. As the generated codes are time-based, it wouldn’t be enough for them to have a screenshot of the code – they’d need to see the app within the same minute of the password being entered.

Can two-factor authentication be compromised?

If there’s no malware on your device, it’s unlikely that a hacker will be able to get access to your two-factor authentication codes using traditional hacking methods.

How hackers can access your 2FA

The most common way attackers get access to a two-factor authentication method is through social engineering. When the two-factor authentication method involves sending a text to the user’s mobile phone, hackers have been known to call up the user’s phone company and have their mobile number transferred to their own account. This then allows them to receive the texts containing the authorisation code to their own phone.

Another common way that attackers can get hold of authentication codes is by contacting the user directly. A phone scam on the rise involves a caller posing as an organisation such as a bank, and feigning ‘security questions’ to gain the trust of the user.

As a final ‘verification technique’, the hacker will ask the user to read the code that was just sent to their phone. At the same time, they will initiate the login process to one of their accounts, triggering the 2FA code to be sent – which the victim might then read out to the attacker.

How to prevent hackers from accessing your 2FA

It’s unlikely to happen, but you can prevent a hacker accessing your 2FA code by asking your mobile phone provider to require a spoken password from you to make changes to your contract.

It also pays to be vigilant about incoming calls from unknown locations, and if you’re in doubt about who’s calling you, it’s usually best to hang up and call the organisation they’re claiming to be back.

The benefits of two-factor authentication

Why should you start to use two-factor authentication on your accounts? Well, there are many great benefits to 2FA, and they might just change your mind, so let us run through them:

1. It’s convenient

A major benefit of two-factor authentication is its convenience. As most people are likely to have a mobile device on hand when they need to log in to something, it’s no extra effort to enter the 2FA code.

2. It’s straightforward

Setting up a two-factor authentication is straightforward – just scan a QR code with your authenticator app, and the service will be added. Then, each time you log in, you just enter the code. You can also set it up so ‘trusted devices’ such as your private home computer won’t ask for a code every time.

3. It will increase security

Undoubtedly the largest benefit of two-factor authentication is that your security is massively increased. Not only does it minimise the chances of a hacker being able to access your personal accounts, but it’ll put your mind at ease too. Knowing that there are two layers of security, rather than just a single password protecting your information, will help you to feel properly secure.

4. It’s compliant

If you operate in Europe as well as the UK, then having 2FA can help you comply with GDPR. This also helps users see you care about their data!

Is two-factor authentication all I need?

Two-factor authentication works best as part of a whole. You shouldn’t disregard the security of your password just because you have two-factor authentication in place – while the chain can prevent your house being broken into, it’s less effective if the hacker finds the key under your doormat. Learn how to choose a strong password.

The mobile device you use as your primary 2FA device should also be properly secured, with a passcode and/or the biometric methods available on many of the latest mobile phones. That way, if your mobile phone goes missing or is stolen, it’ll be more difficult for someone else to use your two-factor authentication methods.

We suggest setting up two-factor authentication wherever you can – including for your Fasthosts Account. You can now use an authenticator app to add an extra layer of protection to your account, adding to our already strong security measures. Prevent unauthorised logins and keep your projects even safer.