Two-factor authentication is one of the best security measures anyone can take to secure their online accounts. It provides an easy way to add a secondary authorization layer to your login process. Thus, you can drastically reduce the possibility of unauthorized access.
WP 2FA is a two-factor authentication WordPress plugin. It is easy to set up and maintain and offers several customization options, allowing WordPress administrators a great degree of control over the implementation of 2FA on their websites. It also supports both HOTP and TOTP, giving administrators and users flexibility in how 2FA is implemented and used.
With HOTP, the OTP is delivered by email, so no third-party app is required. TOTP, on the other hand, requires a third-party app that generates the OTP to be installed on a compatible device.
This article will be looking at the 5 top apps available today that are fully compatible with WP 2FA. One thing worth noting here is that due to how WP 2FA works, any authentication app that supports the TOTP RFC 6238 specification should be compatible with WP 2FA.
Google Authenticator
Google Authenticator is one of the most popular 2FA apps around. It’s very easy and straightforward to use and is compatible with most 2FA logins that use TOTP or HOTP. You can install the app on Android devices as well as those running iOS and iPadOS. It’s completely free to download and use.
You can also enable Privacy Screen, which will ask you to log in with your FaceID or fingerprint depending on your device, effectively adding another authentication factor to the process.
Read more about configuring Google Authenticator with WP 2FA.
Microsoft Authenticator
Microsoft Authenticator works similarly to Google Authenticator. Firstly, the app can be set up with biometric login, effectively adding another authentication factor to the process and theoretically increasing security.
You can also use the app to save and serve passwords, acting as a password manager. You can synchronize your passwords through a Microsoft account, providing you with access to your passwords across all of your devices. Microsoft Authenticator also supports ‘passwordless’ login to your Microsoft account. Here, instead of entering your password, you can log in by confirming a number on the app.
Read more about configuring Microsoft Authenticator with WP 2FA.
Authy
Authy has some unique features, including the ability to install it on a desktop computer. It supports all major Operating Systems, including Windows, Mac, and Linux. This makes the app more convenient to use as you do not need to have your smartphone with you. At the same time, it provides those users who might not have a smartphone with a viable 2FA app option.
Aside from multi-device installation, Authy also supports password protection and data encryption when backing up the account.
Read more about configuring Authy with WP 2FA.
LastPass Authenticator
LastPass is well known as a password management app/service. However, they also offer an authenticator app that supports TOTP authentication. The app is available for Android and Apple devices and Windows Mobile devices, which is not something you often come across these days.
Aside from TOTP 2FA, LastPass Authenticator also supports SMS codes and push notifications, giving it a broader compatibility scope with different authentication methods.
Read more about configuring LastPass Authenticator with WP 2FA.
Duo
Duo is an enterprise-grade authentication app mainly targeted at enterprises as well as federal and public sector organizations. You need to have a Duo account to use the app, which you can set up from their website. The app comes in several different payment tiers, depending on the functionality and features required.
The most basic version of the app supports OTP, SMS, hardware tokens, and a few other protocols, giving it enough functionality to cover WP 2FA requirements. Higher-tier versions of the app support more complex rules, including trust policies and MDM enrollment rules.
Read more about configuring Duo with WP 2FA.
Other apps worth considering
As mentioned earlier, WP 2FA is compatible with any authenticator app that follows the RFC 6238 specification. This flexibility means that any user already using any such compatible app can quickly and seamlessly add WP 2FA authentication without installing new apps.
Having said that, aside from the apps mentioned above, FreeOTP and Okta Verify are two authenticator apps also worth considering (refer to the 2FA app step-by-step configuration procedures).
How to choose an authenticator app
When it comes to choosing an authenticator app, the choice available can be pretty overwhelming. As such, it helps to understand which features you might find helpful. This can help you narrow down the available options and choose the one that best fits your needs.
If you’re already using 2FA on other websites, checking which apps they’re compatible with can save you from having to install multiple apps. While most websites are compatible with most apps, it’s always worth checking.
Do you find yourself constantly running out of phone battery? Then, an app that supports multiple devices can save you a lot of trouble. Apps with an account login allow you to access your OTPs from different devices, including smartphones, laptops, tablets, and smartwatches.
One other thing that you might want to consider is backups. Most apps do not allow you to back up your secret 2FA keys. This can leave you in the lurch should you need to replace your phone. Without backups, you will need to re-register each website, which can be problematic if you have quite a few.
What to do if you cannot install an authenticator app
It is worth remembering that WP 2FA also supports HOTP, which stands for HMAC-based One-Time Password. Unlike TOTP, HOTP does not need an app and relies on email instead to deliver the OTP that users need to log in to WordPress safely.
While HOTP is not considered to be as secure as TOTP, it can be a great option if some of your users do not have a compatible smartphone to install a TOTP authentication app. Even so, it is still more secure than a password alone. As such, it can make a great addition to your security protocols.