{"id":3515,"date":"2024-11-25T00:00:00","date_gmt":"2024-11-25T00:00:00","guid":{"rendered":"https:\/\/attributesuseraccess.com\/?post_type=docs&amp;p=1019"},"modified":"2024-11-25T00:00:00","modified_gmt":"2024-11-25T00:00:00","slug":"two-factor-authentication-overview","status":"publish","type":"docs","link":"https:\/\/attributeswp.com\/docs\/two-factor-authentication-overview\/","title":{"rendered":"Two-Factor Authentication Overview (Pro)"},"content":{"rendered":"<div class=\"attrua-doc-article\">\n<div class=\"attrua-doc-meta\"><span class=\"doc-version\">Version: 1.2.1 Pro<\/span>\n<span class=\"doc-updated\">Last Updated: November 2025<\/span>\n<span class=\"doc-difficulty\">Difficulty: Intermediate<\/span>\n<span class=\"doc-time\">Time Required: 20 minutes<\/span><\/div>\n\n<div class=\"attrua-doc-content\">\n\n<h2>Overview<\/h2>\n\n<p>Two-Factor Authentication (2FA) adds an extra layer of security by requiring users to verify their identity with a second factor after entering their password. 
This Pro feature protects against stolen passwords and unauthorized access.\n<\/p>\n\n<h2>What is Two-Factor Authentication?<\/h2>\n\n<h3>The Two Factors<\/h3>\n\n<strong>Factor 1: Something You Know<\/strong>\n\n<p>Your password or passphrase\n<\/p>\n\n<strong>Factor 2: Something You Have<\/strong>\n\n<p>Access to your email (verification code)\n<\/p>\n\n<div class=\"attrua-info-box\"><strong>How It Works:<\/strong><br>\n<p>Even if someone steals your password, they cannot access your account without also having access to your email to receive the verification code.\n<\/p>\n<\/div>\n\n<h2>Benefits of 2FA<\/h2>\n\n<h3>Enhanced Security<\/h3>\n\n<div class=\"attrua-success-box\"><strong>\u2713 Protects Against Stolen Passwords<\/strong><br>\n<p>Compromised passwords alone cannot grant access\u2014the attacker also needs your verification code.\n<\/p>\n<\/div>\n\n<div class=\"attrua-success-box\"><strong>\u2713 Prevents Unauthorized Access<\/strong><br>\n<p>Even if someone knows your password, they cannot log in without the second factor.\n<\/p>\n<\/div>\n\n<div class=\"attrua-success-box\"><strong>\u2713 Blocks Automated Attacks<\/strong><br>\n<p>Bots and automated brute force attacks are rendered useless against 2FA-protected accounts.\n<\/p>\n<\/div>\n\n<div class=\"attrua-success-box\"><strong>\u2713 Compliance Ready<\/strong><br>\n<p>Meets security requirements for HIPAA, SOC 2, PCI-DSS, and other compliance standards.\n<\/p>\n<\/div>\n\n<div class=\"attrua-success-box\"><strong>\u2713 Peace of Mind<\/strong><br>\n<p>Users feel more secure knowing their accounts have an extra layer of protection.\n<\/p>\n<\/div>\n\n<h2>Available 2FA Methods<\/h2>\n\n<h3>Email-Based Verification (Available Now)<\/h3>\n\n<strong>How it works:<\/strong>\n<ul>\n<li>User enters username and password<\/li>\n<li>System sends 6-digit code to user&#8217;s email<\/li>\n<li>User retrieves code from email<\/li>\n<li>User enters 
code on verification screen<\/li>\n<li>Access granted upon successful verification<\/li><\/ul>\n\n<strong>Specifications:<\/strong>\n\n<p>Code Length: 6 digits\n<\/p>\n<p>Code Expiration: 10 minutes\n<\/p>\n<p>Delivery Method: Email\n<\/p>\n\n<strong>Best for:<\/strong>\n<ul>\n<li>General websites<\/li>\n<li>Business applications<\/li>\n<li>Membership sites<\/li>\n<li>E-commerce platforms<\/li><\/ul>\n\n<h3>Future Methods (Coming Soon)<\/h3>\n\n<strong>TOTP Authenticator Apps<\/strong> (Planned v1.1)\n\n<p>Google Authenticator\n<\/p>\n<p>Microsoft Authenticator\n<\/p>\n<p>Authy\n<\/p>\n\n<strong>SMS Verification<\/strong> (Planned v1.2)\n\n<p>Requires Twilio or similar service\n<\/p>\n<p>Text message delivery\n<\/p>\n<p>International support\n<\/p>\n\n<h2>Who Should Use 2FA?<\/h2>\n\n<h3>Recommended User Roles<\/h3>\n\n<table class=\"attrua-comparison-table\">\n<thead>\n<tr>\n<th>User Role<\/th>\n<th>Require 2FA?<\/th>\n<th>Rationale<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Administrator<\/strong><\/td>\n<td>\u2705 Yes<\/td>\n<td>Highest security risk\u2014full site control<\/td>\n<\/tr>\n<tr>\n<td><strong>Editor<\/strong><\/td>\n<td>\u2705 Yes<\/td>\n<td>Access to all content and publishing<\/td>\n<\/tr>\n<tr>\n<td><strong>Author<\/strong><\/td>\n<td>\u26a0\ufe0f Optional<\/td>\n<td>Moderate risk\u2014can publish content<\/td>\n<\/tr>\n<tr>\n<td><strong>Contributor<\/strong><\/td>\n<td>\u26a0\ufe0f Optional<\/td>\n<td>Limited access\u2014cannot publish<\/td>\n<\/tr>\n<tr>\n<td><strong>Subscriber<\/strong><\/td>\n<td>\u274c No<\/td>\n<td>Read-only access\u2014minimal risk<\/td>\n<\/tr>\n<tr>\n<td><strong>Customer<\/strong><\/td>\n<td>\u26a0\ufe0f Optional<\/td>\n<td>Consider for financial data access<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n<h2>Use Cases by Industry<\/h2>\n\n<h3>Healthcare &amp; Medical<\/h3>\n\n<strong>HIPAA Compliance:<\/strong>\n\n<p>\u2713 Protect patient data\n<\/p>\n<p>\u2713 
Secure medical records\n<\/p>\n<p>\u2713 Meet compliance requirements\n<\/p>\n<p>\u2713 Required for: All staff with PHI access\n<\/p>\n\n<h3>Financial Services<\/h3>\n\n<strong>PCI-DSS Compliance:<\/strong>\n\n<p>\u2713 Secure payment information\n<\/p>\n<p>\u2713 Protect financial data\n<\/p>\n<p>\u2713 Prevent fraud\n<\/p>\n<p>\u2713 Required for: All staff with payment access\n<\/p>\n\n<h3>E-Commerce<\/h3>\n\n<strong>Customer Protection:<\/strong>\n\n<p>\u2713 Secure customer accounts\n<\/p>\n<p>\u2713 Protect order history\n<\/p>\n<p>\u2713 Prevent fraudulent purchases\n<\/p>\n<p>\u2713 Recommended for: High-value customer accounts\n<\/p>\n\n<h3>Corporate Intranet<\/h3>\n\n<strong>Business Security:<\/strong>\n\n<p>\u2713 Protect company data\n<\/p>\n<p>\u2713 Secure employee information\n<\/p>\n<p>\u2713 Prevent unauthorized access\n<\/p>\n<p>\u2713 Required for: All employees\n<\/p>\n\n<h3>Educational Platforms<\/h3>\n\n<strong>Student Data Protection:<\/strong>\n\n<p>\u2713 Protect student records\n<\/p>\n<p>\u2713 Secure grades and assignments\n<\/p>\n<p>\u2713 Meet FERPA requirements\n<\/p>\n<p>\u2713 Required for: Faculty and staff\n<\/p>\n\n<h2>User Experience Flow<\/h2>\n\n<h3>Login Process Without 2FA<\/h3>\n\n<strong>Traditional Login (3 steps):<\/strong>\n\n<ul>\n<li>Enter username<\/li>\n<li>Enter password<\/li>\n<li>Click &#8220;Log In&#8221; \u2192 Access granted<\/li><\/ul>\n\n<h3>Login Process With 2FA<\/h3>\n\n<strong>Enhanced Login (5 steps):<\/strong>\n\n<ul>\n<li>Enter username<\/li>\n<li>Enter password<\/li>\n<li>Receive email with verification code<\/li>\n<li>Enter 6-digit code<\/li>\n<li>Click &#8220;Verify&#8221; \u2192 Access granted<\/li><\/ul>\n\n<div class=\"attrua-info-box\"><strong>Time Impact:<\/strong><br>\n<p>Adds approximately 30-60 seconds to login time (time to check email and enter code).\n<\/p>\n<\/div>\n\n<h2>What Users 
See<\/h2>\n\n<h3>Step 1: Normal Login Screen<\/h3>\n\n<p>Email or Username: john@example.com\n<\/p>\n<p>Password: \u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022\n<\/p>\n<p>\u2610 Remember Me\n<\/p>\n\n<p>[Log In Button]\n<\/p>\n\n<h3>Step 2: Verification Code Screen<\/h3>\n\n<p>\u2709\ufe0f Email Verification Required\n<\/p>\n\n<p>We&#8217;ve sent a 6-digit verification code to:\n<\/p>\n<p>john@example.com\n<\/p>\n\n<p>This code will expire in 10 minutes.\n<\/p>\n\n<p>Enter Verification Code:\n<\/p>\n<p>[___] [___] [___] [___] [___] [___]\n<\/p>\n\n<p>[Verify Button]\n<\/p>\n\n<p>Didn&#8217;t receive it? [Resend Code]\n<\/p>\n\n<h3>Step 3: Success Message<\/h3>\n\n<p>\u2713 Verification Successful\n<\/p>\n<p>Redirecting to your dashboard&#8230;\n<\/p>\n\n<h2>Configuration Options<\/h2>\n\n<h3>Global Settings<\/h3>\n\n<strong>Enable\/Disable 2FA:<\/strong>\n\n<p>Settings \u2192 Attributes User Access \u2192 Security\n<\/p>\n<p>Toggle: &#8220;Enable Two-Factor Authentication&#8221;\n<\/p>\n\n<h3>Role-Based Requirements<\/h3>\n\n<strong>Select which roles require 2FA:<\/strong>\n\n<p>\u2611 Require for Administrators\n<\/p>\n<p>\u2611 Require for Editors\n<\/p>\n<p>\u2610 Require for Authors\n<\/p>\n<p>\u2610 Require for Contributors\n<\/p>\n<p>\u2610 Require for Subscribers\n<\/p>\n<p>\u2610 Require for Customers\n<\/p>\n\n<h3>Excluded Roles<\/h3>\n\n<strong>Exempt specific roles from 2FA:<\/strong>\n\n<p>\u2610 Support Staff\n<\/p>\n<p>\u2610 Service Accounts\n<\/p>\n<p>\u2610 Emergency Access\n<\/p>\n\n<div class=\"attrua-warning-box\"><strong>Security Note:<\/strong><br>\n<p>Only exclude roles when absolutely necessary. 
Each exclusion reduces overall security.\n<\/p>\n<\/div>\n\n<h3>Code Settings<\/h3>\n\n<strong>Verification Code Configuration:<\/strong>\n\n<p>Code Length: 6 digits (fixed)\n<\/p>\n<p>Expiration Time: 10 minutes (fixed)\n<\/p>\n<p>Delivery Method: Email\n<\/p>\n<p>Resend Cooldown: 1 minute\n<\/p>\n\n<h2>Security Considerations<\/h2>\n\n<h3>Strengths<\/h3>\n\n<ul class=\"attrua-checklist\">\n<li><strong>Password breach protection:<\/strong> Stolen passwords are useless without code<\/li>\n<li><strong>Phishing resistance:<\/strong> Codes expire quickly, limiting phishing effectiveness<\/li>\n<li><strong>Brute force immunity:<\/strong> Cannot guess codes\u2014too many combinations<\/li>\n<li><strong>Audit trail:<\/strong> All 2FA attempts logged for review<\/li>\n<\/ul>\n\n<h3>Limitations<\/h3>\n\n<div class=\"attrua-warning-box\"><strong>Email Dependency:<\/strong><br>\n<p>Users must have access to their email to log in. Lost email access = locked account (see recovery procedures).\n<\/p>\n<\/div>\n\n<div class=\"attrua-warning-box\"><strong>Delivery Time:<\/strong><br>\n<p>Email delivery can take 1-5 minutes depending on mail server. Users must be patient.\n<\/p>\n<\/div>\n\n<div class=\"attrua-warning-box\"><strong>Spam Filters:<\/strong><br>\n<p>Verification emails may be caught by spam filters. 
Users should check junk folders.\n<\/p>\n<\/div>\n\n<h2>Email Requirements<\/h2>\n\n<h3>Email Server Configuration<\/h3>\n\n<strong>Requirements for 2FA emails:<\/strong>\n\n<ul class=\"attrua-checklist\">\n<li><strong>Working SMTP:<\/strong> Reliable email delivery configured<\/li>\n<li><strong>SPF\/DKIM records:<\/strong> Proper authentication to avoid spam<\/li>\n<li><strong>Fast delivery:<\/strong> Emails arrive within 1-2 minutes<\/li>\n<li><strong>Whitelist domain:<\/strong> Ensure emails are not blocked by spam filters<\/li>\n<\/ul>\n\n<h3>Testing Email Delivery<\/h3>\n\n<strong>Before enabling 2FA:<\/strong>\n\n<ul>\n<li>Go to Settings \u2192 Attributes User Access \u2192 Email<\/li>\n<li>Click &#8220;Send Test Email&#8221;<\/li>\n<li>Check inbox for test email<\/li>\n<li>Verify email arrives within 2 minutes<\/li>\n<li>Check spam\/junk folder if not in inbox<\/li><\/ul>\n\n<div class=\"attrua-error-box\"><strong>Important:<\/strong> Do not enable 2FA site-wide until you&#8217;ve confirmed reliable email delivery!\n<\/div>\n\n<h2>Rollout Strategy<\/h2>\n\n<h3>Phased Deployment (Recommended)<\/h3>\n\n<strong>Phase 1: Administrators Only<\/strong>\n\n<p>Week 1: Enable 2FA for admin accounts\n<\/p>\n<p>Test thoroughly, resolve any email issues\n<\/p>\n\n<strong>Phase 2: Editors and Staff<\/strong>\n\n<p>Week 2-3: Add editors and key staff\n<\/p>\n<p>Monitor for issues, provide support\n<\/p>\n\n<strong>Phase 3: All Users<\/strong>\n\n<p>Week 4+: Enable for all applicable roles\n<\/p>\n<p>Communicate changes to users in advance\n<\/p>\n\n<h3>Communication Plan<\/h3>\n\n<strong>Before Enabling 2FA:<\/strong>\n\n<strong>1. 
Email Announcement (1 week before):<\/strong>\n\n<p>Subject: Important: Two-Factor Authentication Coming Soon\n<\/p>\n\n<p>Dear [User],\n<\/p>\n\n<p>Starting [Date], we&#8217;re implementing Two-Factor Authentication for enhanced security. This will require you to enter a code from your email when logging in.\n<\/p>\n\n<p>What to expect:\n<\/p>\n<ul>\n<li>Extra verification step at login<\/li>\n<li>Code sent to your registered email<\/li>\n<li>Adds 30-60 seconds to login time<\/li><\/ul>\n\n<p>Benefits:\n<\/p>\n<ul>\n<li>Enhanced account security<\/li>\n<li>Protection against password theft<\/li>\n<li>Compliance with security standards<\/li><\/ul>\n\n<p>Questions? Contact support@example.com\n<\/p>\n\n<strong>2. Login Page Notice:<\/strong>\n\n<p>&#8220;Two-Factor Authentication will be required starting [Date]. Ensure your email address is up to date in your profile.&#8221;\n<\/p>\n\n<strong>3. Support Resources:<\/strong>\n\n<p>Create FAQ page\n<\/p>\n<p>Prepare support staff\n<\/p>\n<p>Document common issues\n<\/p>\n\n<h2>Best Practices<\/h2>\n\n<div class=\"attrua-pro-tip\"><strong>Test Thoroughly First<\/strong><br>\n<p>Enable 2FA on test accounts before deploying to all users. Verify email delivery works reliably.\n<\/p>\n<\/div>\n\n<div class=\"attrua-pro-tip\"><strong>Start Small<\/strong><br>\n<p>Begin with administrators only, then gradually expand to other roles as you build confidence.\n<\/p>\n<\/div>\n\n<div class=\"attrua-pro-tip\"><strong>Communicate Early<\/strong><br>\n<p>Notify users at least one week in advance. Explain what&#8217;s changing and why it benefits them.\n<\/p>\n<\/div>\n\n<div class=\"attrua-pro-tip\"><strong>Provide Support<\/strong><br>\n<p>Have support staff ready to help users during initial rollout. 
Most issues are email-related.\n<\/p>\n<\/div>\n\n<div class=\"attrua-pro-tip\"><strong>Monitor Logs<\/strong><br>\n<p>Check audit logs for failed 2FA attempts. High failure rates indicate user confusion or email issues.\n<\/p>\n<\/div>\n\n<h2>Performance Impact<\/h2>\n\n<h3>Server Resources<\/h3>\n\n<strong>Minimal Impact:<\/strong>\n\n<p>Email generation: Negligible CPU\n<\/p>\n<p>Database queries: +1 per login\n<\/p>\n<p>Email sending: Handled by mail server\n<\/p>\n<p>Storage: +1 record per verification code\n<\/p>\n\n<strong>No significant performance degradation expected.<\/strong>\n\n<h3>User Experience<\/h3>\n\n<strong>Time Addition:<\/strong>\n\n<p>Email check time: 10-60 seconds\n<\/p>\n<p>Code entry time: 5-10 seconds\n<\/p>\n<p>Total added time: 15-70 seconds per login\n<\/p>\n\n<strong>Trade-off:<\/strong>\n<p>Slight inconvenience for significant security improvement.\n<\/p>\n\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Complete guide to Two-Factor Authentication in Attributes User Access 
Pro.<\/p>","protected":false},"featured_media":0,"parent":0,"template":"","meta":{"_acf_changed":false,"_surecart_dashboard_logo_width":"180px","_surecart_dashboard_show_logo":true,"_surecart_dashboard_navigation_orders":true,"_surecart_dashboard_navigation_invoices":true,"_surecart_dashboard_navigation_subscriptions":true,"_surecart_dashboard_navigation_downloads":true,"_surecart_dashboard_navigation_billing":true,"_surecart_dashboard_navigation_account":true,"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"footnotes":""},"chapter":[373],"class_list":["post-3515","docs","type-docs","status-publish","hentry","chapter-pro-features"],"acf":{"reading_time":"","difficulty":"beginner","plugin_version":"1.2.2","last_updated":null},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/docs\/3515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/types\/docs"}],"version-history":[{"count":0,"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/docs\/3515\/revisions"}],"wp:attachment":[{"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/media?parent=3515"}],"wp:term":[{"taxonomy":"chapter","embeddable":true,"href":"https:\/\/attributeswp.com\/wp-json\/wp\/v2\/chapter?post=3515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}