With two factor authentication your users will be able to protect their accounts with their password and cell phone/email! Your password could be stolen with any of the following actions:
Everytime you login you must enter your password (just like before).2. Something else is required.
After login a code will be sent to either your mobile phone or your email, this code will be required to complete login!
While users are doing login they can choose to not ask two-step verification on that computer for the next 30 days! Security maintains as when another PC tries to use the account, the two-factor authentication step will be required!
If a hacker gains access to that password he's going to need your cell phone or your email address to use their account. Two factor authentication accounts are protected with something you know (password) and something you have (email/cell phone).
Codes are created specifically for your accounts right when you need them, if you decide to use two-factor authentication, they are sent to your cell phone or email address. Each code can be used only once!
Installation is quick and easy, and configuration can be done with a simple selection as this mod provides four states: disabled, enabled, enabled and required for certain membergroups, enabled and required for every user!
If selected, you can force certain membergroups (like staff members) to use 2FA! This is extremelly useful to prevent powerful accounts in your website to be wrongly used by hackers!
To receive authentication codes via a phone app, users must first install a code-generating app such as Authy or Google Authenticator on their phone. Then simply scanning the QR code provided they'll have their accounts secure!
In case users don't have an smartphone they'll be able to receive generated codes via email, giving them a similar protection without depending on a specific device! Keep in mind that mobile phone is much more secure and is recommended over this method!
When two factor authentication is activated, a backup code is automatically generated as an alternative method to login, in case they lost access to their cell phone or email they'll be able to login using this code which can only be used once!