WP Login Protect: One-Click Two Factor Authentication

Are Your Sites and Applications Protected by Passwords Only?

Today we announce Login Protect, the latest addition to Incapsula security capabilities. Login Protect allows easy and instant activation of Two Factor Authentication (2FA) on any website and web application. With Login Protect you can:

  • Protect login to administrative areas (e.g., WordPress or Joomla admin)
  • Protect remote access to corporate applications (e.g., employee portal, web mail)
  • Restrict access to sites or parts of a site (e.g., staging or invitation only areas)

Login Protect is provided with all Incapsula plans. The number of users and the verification methods vary, depending on the account’s plan.

Login Protect: Two-Factor Made Easy

Chances are you already use 2FA, either for your Gmail, Twitter or online banking account. But what about your own web properties? With the new Incapsula Login Protect you can activate 2FA in a single click with zero integration or coding.

The core benefits of Login Protect are:

  1. Simple Integration – Login Protect requires no additional installation on sites that are protected by Incapsula. With minimal configuration and no coding it can be activated within just a few minutes.
  2. Flexibility – Login Protect can be deployed on any web page (URL), with multiple forms of verification methods.
  3. Central Management – Login Protect offers centralized control over multiple logins, across several websites.

Setting up Login Protect

  1. Select Protected Pages – Visit your Incapsula control panel and choose the website you want to secure. Next, go to ‘Settings>>Login Protect’ and select the URLs or folders you wish to protect, using either exact match or one of the wildcard options.
    Tip: Securing all URLs that end with ‘admin.php’ is much better than securing the exact match of ‘admin.php’, because free parameters could be used to bypass your settings.
  2. Choose Authentication Methods – Click the checkboxes below to select one or more 2FA methods that will be available to your site users: E-mail, SMS or Google Authenticator.
  3. Grant Permissions – Select one or more names from your existing user list or add new users by clicking on the ‘Add Users’ button. Incapsula will auto-dispatch an activation email to all selected users. Once activated, these users will be able to use Login Protect 2FA to access the protected web pages.
    Tip: Incapsula will send an invitation email to all your new users. You can fully customize this email to fit your needs.
  4. New User Activation – Upon invitation, a user will receive an email with an activation link. Through this link, the user will be taken to a page where he will be asked to provide an email address or phone number for future authentication. Smartphone users will also be provided with a QR code for Google Authenticator.
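
The tip in step 1 can be checked before you rely on a rule set. The following is an added example, not Incapsula code: it audits which known admin URLs a set of rules leaves uncovered and which public URLs a broad rule would also gate. The rule model (`exact` and `ends_with`, compared against the URL path with the query string ignored) and all URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def rule_matches(rule, url):
    """Hypothetical rule model: (kind, pattern) compared with the URL path only."""
    kind, pattern = rule
    path = urlsplit(url).path  # assumption: the query string is not matched
    if kind == "exact":
        return path == pattern
    if kind == "ends_with":
        return path.endswith(pattern)
    raise ValueError(f"unknown rule kind: {kind}")

def unprotected(rules, sensitive_urls):
    """Sensitive URLs that no rule covers (gaps in protection)."""
    return [u for u in sensitive_urls
            if not any(rule_matches(r, u) for r in rules)]

def overprotected(rules, public_urls):
    """Public URLs that a rule would also put behind 2FA (over-broad match)."""
    return [u for u in public_urls
            if any(rule_matches(r, u) for r in rules)]

# Constructed inventory: pages that should require 2FA, and pages that should not.
ADMIN_URLS = [
    "https://example.com/admin.php",
    "https://example.com/admin.php?page=settings",
    "https://example.com/wp-admin/admin.php",
    "https://example.com/blog/wp-admin/admin.php?page=plugins",
]
PUBLIC_URLS = [
    "https://example.com/index.php",
    "https://example.com/docs/sysadmin.php",
]

EXACT_RULES = [("exact", "/admin.php")]         # covers one location only
SUFFIX_RULES = [("ends_with", "admin.php")]     # covers all, but also sysadmin.php
TIGHT_RULES = [("ends_with", "/admin.php")]     # covers all, no public page gated

if __name__ == "__main__":
    for name, rules in (("exact", EXACT_RULES), ("ends_with", SUFFIX_RULES),
                        ("ends_with /", TIGHT_RULES)):
        print(name, "gaps:", unprotected(rules, ADMIN_URLS),
              "over-broad:", overprotected(rules, PUBLIC_URLS))
```

Run it against your own URL inventory or access-log paths after changing protected-page settings, and confirm the real behaviour in the control panel, since the matching model here is assumed.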

Questions about Login Protect? Find all answers in this video walkthrough.

Purchasing Additional Users

Login Protect is included in all Incapsula plans. Each account will start off with a pre-determined number of users, depending on the account’s plan. Incapsula clients can purchase additional users at any time, as needed. Incapsula Enterprise clients are also offered a bulk purchase option, API integration and other customization features.

Visit our ‘Pricing and Plans’ page for more details.

Having a strong password is a good idea — not a fool-proof strategy. The fact is that you can’t fully control all of your organization’s passwords — you can’t manage the way they will be stored, shared or reused, and there is no shortage of examples of devastating password-related breaches.

‘in 2013 more than 90 percent of user-generated passwords, even those considered strong by IT departments, will be vulnerable to hacking. Inadequate password protection may result in billions of dollars of losses, declining confidence in Internet transactions and significant damage to the reputations of the companies compromised by attacks.’ Deloitte LLP

Through phishing, social engineering and brute force attacks the ‘weakest links’ can always be compromised. This makes your login page a lucrative target for hackers who view your password as a way to bypass security and gain access to your site and data. With a single compromised account, a hacker can create a chain effect, gaining access to other accounts that contain sensitive information in – what’s supposed to be – a secure environment.

Two-Factor Authentication

The high risk of password-related hacks has driven many organizations to adopt Two-Factor Authentication methods, which verify the user’s identity by asking for ‘something you know’ and ‘something you have’. Simply put, ‘something you know’ is your password, which serves as your first authentication factor. The second factor, ‘something you have’, is usually your smartphone or access to an email account. By asking for both, 2FA prevents password-related breaches, because passwords alone no longer suffice.