Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know. A common example of two-factor authentication is a bank card: the card itself is the physical item and the personal identification number (PIN) is the data that goes with it.
Many organizations protect local and remote logins with a simple username and password. Entering these two pieces of information grants access to company databases, email accounts, and other sensitive information. But passwords are notoriously insecure. Many users choose weak passwords which can be easily guessed or cracked. Phishing attacks trick people daily into revealing their passwords, and users on unsecured networks (e.g. at coffee shops) can have their passwords sniffed. Malicious viruses and spyware can capture passwords and send them over the network to attackers.
Furthermore, it’s impossible to tell who has access to your users’ accounts, or even if anyone is accessing them illicitly. In the past year alone, attackers have compromised Sony, HBGary, and Gawker (and many more) by simply gaining knowledge of users’ passwords.
Clearly passwords are not enough for protecting important logins.
“Protect your WordPress site from attackers in 2 minutes with Authy”
The Plugin: https://wordpress.org/extend/plugins/authy-for-wp/
Techcrunch on Authy for WP: https://techcrunch.com/2013/01/31/authy-brings-two-factor-authentication-to-self-hosted-wordpress-sites/
A two factor authentication plugin available for WordPress that has been around for a while: Duo
More from the Duo site: https://blog.duosecurity.com/2013/01/introducing-the-duo-5-minute-challenge/
The Plugin: https://wordpress.org/extend/plugins/duo-wordpress/