In Gmail, when you enable 2-step authentication, each time you log in to your account via an unknown device or computer, you will be asked to enter a verification code that can be sent to your cell phone via SMS or good old fashioned phone call. The idea is to provide an extra security layer to verify you are the person logging into your account.
My initial thought is, how secure can this be? After thinking through it a little, 2-step verification is perhaps as good as it gets for now. Why? Because a hacker sitting somewhere half way around the world is not likely to have my cell phone. So when they try to log in to my account, they are immediately presented with the code request, which is sent almost immediately to my cell. Without that, they cannot enter and I know at once someone is trying to log in to my account.
Is it fool proof? Of course not. If there is a concerted effort like someone breaks into my office, steals all my logins and my cell phone. Yeah sure they can get into my email. Can people half way around the world hack my cell phone? I’m not so naive to say no but at this time, it is unlikely. What I’m trying to say is, this is a pretty good way to deter hackers who are banking on our lack of security measure or ignorance.
Since enabling 2-step authentication, it has sometimes been a pain but worth it. I sometimes wished it was available for other things as well like… for our web sites and then I came across the plugin Duo WordPress, from Duo Security It looks really interesting and am installing it on one site to try it out for now.
The basic service is free for 10 users and you get up to 1000 calls or phone messages. From what I understand, if you run out of credits you can purchase a block of 1000 for $10 or you can upgrade to their paid plan for only $3 per user, per month it truly isn’t a bad price for extra security.
There’s another alternative in the WordPress repository that makes use of Google Authenticator. I believe that is free. All worth checking out before it is too late.