Much needed for secure authentication
Increasingly, admins are faced with password-cracking attempts and identity theft risks. In this regard, 2FA is a very much needed security plugin.
2FA management is integrated in WP’s user profile pages, and the options are presented in a clear and intuitive manner. The UI and UX feel like a breeze.
TOTP (time-based one-time password) works flawlessly with the FreeOTP app. FIDO U2F is tested to work with a YubiKey 4 and the Firefox browser with the U2F add-on (future versions of Firefox may integrate U2F in the browser itself). The Chrome browser should work with U2F too, without extensions.
It is strongly suggested that the user enable single-use backup verification codes and store them securely. Without the backup codes, loss of access to the second factor *will* lock you out. I believe this point could be stressed further in the UI.
Another minor suggestion in the UI is to disable the possibility of using backup codes as the primary 2FA option. Backup codes are not meant for daily use.
Overall, this is an excellent plugin.