If you’ve heard that 2–Factor Authentication (2FA) is important, you’ve heard it a hundred times.
So why is it so hard to get more people to use it?
Because 2FA adds friction to what is normally a simple thing. If you must have your phone on-hand, or some other device each time you login, it can feel like more trouble than it’s actually worth.
But it isn’t – 2FA is absolutely critical.
So how can we help increase adoption of 2FA? By removing some of the inconvenience…
We’ve noticed many of services now provide a “remember me” option. That is, as you login with your 2nd factor, you often have an option that says something like
☑ don’t prompt me for a login code for 2 weeks
This neat feature helps us to strike a balance between added security and a smoother user experience.
So we’ve added it to the Shield Security plugin 🙂
Shield Security v6.2.0 Adds “Remember me” for 2FA
Here is how it works.
1) First, set the number of days to “remember”
The first setting to put in-place is the number of days that Shield will “remember” a successful 2FA login.
For example, let’s say you set it to 3 days.
Any user that logs in, and selects the option to “remember”, will not need to enter a multi-factor code for that browser, for 72hrs (3 days).
This has nothing to do with the normal WordPress login. If the user logs out, they must login again (but they wont be prompted for 2FA codes).
Note: To disable this feature (and it’s disabled by-default) set the value to zero, 0.
2) The user will be prompted to check the box to “remember”
Turning on the option (above) doesn’t mean it happens automatically. The user must select the checkbox at the time they’re confirming their 2FA.
Again, this option has nothing to do with the normal WordPress login. It only relates to prompting of the 2FA login codes.
We highly recommend that users only check this box for computers and browsers that they “own” i.e. not in public or shared-use computers.
How to get this feature for your site
This is feature is available from Shield Security v6.2.0 onwards (due 29th January 2018), and is only available to Shield Pro members. We’ve made Shield Pro affordable for absolutely everyone by offering it for just $1/month.
We’ve been testing this new feature and we love it – it definitely makes the everyday use of 2FA much nicer for everyone!
If you have any further suggestions on how we can help with 2FA, please let us know.