This feature adds Two-Factor Authentication functionality that can be used together with authenticator apps like Google Authenticator, Microsoft Authenticator, LastPass Authenticator and others to provide improved security.
Activating Two-Factor Authentication
To activate this feature go to Profile Builder -> Settings and in the Two-Factor Authentication tab select Yes for the “Enable Two-Factor Authentication” drop-down, select which user roles will have access to the functionality and then click Save Changes. Once activated, users with one of the selected user roles will be able to enable Two-Factor Authentication from the Edit Profile form.
Activating Two-Factor Authentication as a User
If a user has one of the selected user roles they will be shown a Two-Factor Authentication section at the bottom of the Edit Profile form. If they have an Authenticator app they can use it to activate the functionality.
Here is an overview of the Two-Factor Authentication fields:
- Checking the checkbox for the Activate field will reveal the rest of the Two-Factor Authentication settings.
- Checking the checkbox for the Relaxed Mode field will enable it and allow for a larger time drift between the server clock and the authenticator app when checking the TOTP at login.
- The Description field will default to the website name and can be customized. This will be displayed as a name in the Authenticator app if the QR Code is used.
- The Secret field contains a randomly generated secret key that will be used to set up the new entry in the selected Authenticator app. The New Secret button below it can be used to generate a new secret and the QR Code button will display that secret as a QR Code. Making changes to the Description field will hide the QR Code, as a new one must be generated.
- Verify TOTP is used to make sure a user has actually set up Two-Factor Authentication in their chosen app so that they do not lock themselves out of their account by accidentally enabling the functionality. A valid TOTP generated by the app must be provided and checked using the Check button before any changes can be made.
To set up the functionality in the selected Authenticator app you can either scan the QR Code or manually enter the Description and Key.
Here is an example where the Key and Description are manually entered into the Google Authenticator App:
This is what the final entry will look like in the app:
Authenticator Code Field
This is the field that will be displayed on the Login form when users that have enabled the Two-Factor Authentication functionality attempt to log in. These users will have to input a valid TOTP (Time-Based One-Time Password) into it before they can do so.
There is a shortcode argument that will permanently enable the field for a specific Login form as long as Two-Factor Authentication is enabled: [wppb-login show_2fa_field=yes]