With major security breaches like the Heartbleed bug of 2014, which compromised the passwords of millions of users, passwords are becoming an increasingly risky way of allowing users access to their WordPress administration account.
Matt Cutts of Google explains:
Two-factor authentication is a simple feature that asks for more than just your password. It requires both “something you know” (like a password) and “something you have” (like your phone).
With two-factor authentication enabled, the user is required to enter their username, their password and a second code sent to a mobile device.
Both the user’s password and the ‘sent’ code must be entered for the user to log in. This adds an extra layer of security, confirming that it is actually the authorised user logging in and not someone who has gained access to, or even guessed, the genuine username and password.
When we build or migrate your site onto BiteProof, we will ask you whether you want two-factor authentication activated on your site. Each authorised user can have it activated if required.
You might activate it for certain administrative levels, so a subscriber wouldn’t necessarily have it switched on. But it might be a “must” for administrators.