Choose 2FA plugin #27

Open
naomicbush opened this issue May 16, 2019 · 4 comments
@naomicbush
Contributor

Choose 2FA plugin we're going to use for logging in

@naomicbush naomicbush created this issue from a note in WPGwinnett.com 2.0 (✅3. Choose tools (and why)) May 16, 2019
@naomicbush
Contributor Author

My go-to Authy is gone — we'd have to build our own plugin to integrate with their API and they only allow 100 check-ins for free, with no open-source program.

Checked out https://wordpress.org/plugins/keyy (recommended by someone who previously used the Authy plugin) which looks cool, but after reading through the support forum, their mobile apps cause issues which is a non-starter for us. We need this to be as simple and painless as possible — not constantly apologizing for bugs and saying go download the new version.

So that leaves https://wordpress.org/plugins/two-factor-authentication/.

I saw a nice flow recently that worked like this:

  • when logging in, what's your phone #
  • send code to phone #
  • enter code

for us:

  • what's your phone #
  • here's your code to scan into whatever app you want to use (Authy, Google Authenticator, FreeOTP)
  • username/pwd
  • then request code

I'm also thinking that we don't really care about pwd, because then we'll need to help people get set up with a password manager.

We'll also need to have a plan for people who lose phone or codes.

@wpscholar
Member

@naomicbush I use https://wordpress.org/plugins/two-factor/ on my website and it works great. I use it with Authy.

@naomicbush
Contributor Author

@wpscholar ooo, I like that one a lot better. Going to test it out.

It didn't come up in my search because "2FA" or "two-factor authentication" or "two factor authentication" is nowhere on the page 😕

@naomicbush
Contributor Author

@wpscholar looks like it's going to require some modification before it's usable for us.

  1. we need to have 2FA turned on for everyone — it should not be chosen by the user
  2. the only method we want available is TOTP
  3. backup codes should be automatically available for everyone
  4. settings/code generation should be available on the front-end

Looks like there are issues or PRs open for all of those, but the authors don't have any time to work on them
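
A sketch of requirements 2 and 3 from the comment above, together with the scan-a-code enrollment flow discussed earlier in the thread. This is an added example, not code from any participant or from either plugin; it is standalone Python rather than WordPress code, and the names `enroll`, `verify`, `ExampleSite` and the record layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the variant authenticator apps default to."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

def enroll(username, issuer="ExampleSite"):      # issuer name is a placeholder
    """Create the TOTP secret and the backup codes together, with no opt-in step."""
    secret = base64.b32encode(secrets.token_bytes(20)).decode()
    backup = [secrets.token_hex(8) for _ in range(10)]
    # The URI is what gets rendered as a QR code for Authy, Google Authenticator, FreeOTP.
    uri = "otpauth://totp/{}:{}?secret={}&issuer={}".format(
        quote(issuer), quote(username), secret, quote(issuer))
    # Only digests of the backup codes are stored; the plaintext is shown once.
    record = {"secret": secret, "backup": {_digest(c) for c in backup}, "last_step": -1}
    return record, uri, backup

def verify(record, code, now=None, step=30, drift=1):
    """Accept a current TOTP code (within +/- drift steps) or an unused backup code."""
    now = time.time() if now is None else now
    current = int(now) // step
    for s in range(current - drift, current + drift + 1):
        expected = totp(record["secret"], s * step, step)
        if s > record["last_step"] and hmac.compare_digest(expected.encode(), code.encode()):
            record["last_step"] = s              # an accepted code cannot be replayed
            return "totp"
    d = _digest(code)
    if d in record["backup"]:
        record["backup"].remove(d)               # backup codes are single-use
        return "backup"
    return None
```
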
