2FA with e-mail, not cellphone?

  • NETT.PRO

    (@nettpro)


    9 months ago

    Hi.
    Is there a possibility to set up two factors authentication with email instead of these so called apps? First of all I would never use Google or Microsoft for security. I see there are other apps, but I do not use apps. I do not use cellphone for internet at all, so it would be nice to have 2FA with only a code sent to email.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @nettpro, thanks for getting in touch.

    If a WordPress administrator’s email account was ever compromized with 2FA configured to it, an attacker would be able to reset their password and get 2FA codes for their site so it’s no longer two factors. I understand why people may distrust certain high-profile app providers, but there are increasingly more to choose from, and only having a code available from a single physical device is preferable.

    We are currently looking into feasibility and user-demand for further security measures like hardware keys and/or passkeys, although I can’t comment on development progress or release dates here on the forums.

    Thanks,
    Peter.

    Thread Starter NETT.PRO

    (@nettpro)

    Indeed it would be bad if an attacker got access to the email account. That would also be true if anybody else got hold of your cellphone? I just though it would be nice to have the ability to both give a password and maybe an email link? Like it is today, since I do not use cellphones, it only work with one password.

    I do understand it is not possible to satisfy everybody wishes. Will check if there is other plugins who support authentication via mail. ?? Thank you for the feedback.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘2FA with e-mail, not cellphone?’ is closed to new replies.

Tags