Best Way to Enable Two Step Authentication

I’m looking for a bit of guidance on setting up a two-step authentication system in WordPress. I’ve looked at a few of the main plugins and they seem to fall into two camps:

  • Add an extra field to the login form
  • Add another authentication cookie in addition to the standard WP cookie

I don’t really like the UI of an extra login field, and I don’t feel knowledgeable enough to set up a cookie-based authentication system that is secure enough to be worth it. Is there a third option I’m missing?

Note: I did see this similar post, but that consisted mainly of plugin recommendations, and I would like to write something myself if possible.

Update: Since my site will only have a handful of privileged users, I decided to add a query string argument that, when present, will cause the extra login field to be shown. This way, normal users don’t ever see the extra field, and I don’t have to worry about managing an extra authentication cookie.
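
The approach in the update, sketched as an added example (not code from the original post or from any plugin): the query argument only controls whether the field is drawn, while the `authenticate` filter decides per user whether a code is required. The argument name `otp`, the field name `my_otp`, the user meta key `my_totp_secret` (assumed to hold the raw binary secret) and the function name `my_totp_code` are hypothetical.

```php
<?php
// Added example. Hypothetical names: ?otp, my_otp, my_totp_secret, my_totp_code.

// Cosmetic only: draw the extra field when the query argument is present.
add_action( 'login_form', function () {
    if ( isset( $_GET['otp'] ) ) {
        echo '<p><label for="my_otp">Authentication code<br />'
           . '<input type="text" name="my_otp" id="my_otp" class="input" '
           . 'autocomplete="off" inputmode="numeric" /></label></p>';
    }
} );

// RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) for one time step.
function my_totp_code( $secret, $step ) {
    $hash   = hash_hmac( 'sha1', pack( 'N2', 0, $step ), $secret, true );
    $offset = ord( $hash[19] ) & 0x0f; // Dynamic truncation offset.
    $value  = unpack( 'N', substr( $hash, $offset, 4 ) )[1] & 0x7fffffff;
    return str_pad( (string) ( $value % 1000000 ), 6, '0', STR_PAD_LEFT );
}

// Enforcement: runs after core's password check (priority 20) and keys off
// the account, never off the query argument or the presence of the field.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( ! ( $user instanceof WP_User ) ) {
        return $user; // Password step failed or has not produced a user.
    }
    $secret = get_user_meta( $user->ID, 'my_totp_secret', true );
    if ( ! is_string( $secret ) || '' === $secret ) {
        return $user; // Account is not enrolled in the second step.
    }
    $given = ( isset( $_POST['my_otp'] ) && is_string( $_POST['my_otp'] ) )
        ? trim( wp_unslash( $_POST['my_otp'] ) )
        : '';
    $now = (int) floor( time() / 30 );
    foreach ( array( $now - 1, $now, $now + 1 ) as $step ) { // Clock drift.
        if ( hash_equals( my_totp_code( $secret, $step ), $given ) ) {
            return $user;
        }
    }
    return new WP_Error( 'my_otp_failed', 'Invalid or missing authentication code.' );
}, 30, 3 );
```

An enrolled user who submits the form without the field is rejected, because the requirement follows the account rather than the URL. The sketch leaves out enrolment, tracking of already-used codes and rate limiting of failed attempts.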

2 Answers
2

Trust me, don’t DIY this. Cryptography is not for the faint of heart.

Use the Google Authenticator plugin. It’s awesome.
