When you log into your website, you need a username and a password - something which we all know could theoretically be guessed by somebody trying to gain access to your website or stolen using a keylogger which intercepts the keys you press on your computer. This represents quite a significant risk and has resulted in all kinds of problems over the years.
Two-factor authentication improves the security of your site by requiring something you know (your username and password) alongside something you have (an authorisation token). This means that if somebody manages to get your username and password, they still can't log in without the randomly generated authorisation code from your device.
Joomla! 3.2 allows you to use Google Authenticator (an app you can download from the app store) or a YubiKey - a small device which can be used to generate a random password at the touch of a button (read more here) - to generate an authentication token which then allows you to log in when provided in conjunction with your username and password.
We have been trialling the Yubikey method in the office, and we were really impressed by the simplicity of both setting up the two factor authentication and using the device to log in, that we are planning to roll this out to all of our clients who have server or website support contracts with us over the coming months.
Here is a video explaining how Two Factor Authentication works - if you'd like more information do get in touch!
<iframe width="560" height="315" src="https://www.youtube.com/embed/NbG6eehASW8" frameborder="0" allowfullscreen></iframe>