Users can have common or weak passwords that let hackers' bots brute-force your WordPress site, gain access to your files and place malware there.
It doesn't matter how weak your users' passwords are: no one can gain access to your WordPress site without already having access to the mobile phone or email inbox.
This plugin uses TOTP or HOTP for creating One Time Passwords.
Since you have to enter a secret code into third-party apps, email is the default way of delivering One Time Passwords.
If you want to use a third-party app, go to Two Factor Auth in the menu, activate it and set up your app.
Settings for each individual user can be found at the root level of the menu, under Two Factor Auth.
I will be adding a plugin that puts a One Time Password field into WooCommerce.
But this requires the time to be in sync.
If you have a somewhat slow server and have chosen email delivery, you might not get the TOTP in time.
Note that email delivery users always use the site default algorithm, which you can set on the settings page.
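Why a delayed email breaks TOTP but not HOTP, shown as an added example in Python (not the plugin's own code). The 30-second step, the acceptance window of one step and the look-ahead of two counters are assumptions; the secret and timestamp are the public RFC 4226 / RFC 6238 test values.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 / RFC 6238 test secret, not a real key
STEP = 30  # seconds per TOTP time step (assumed; the page does not give the plugin's value)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: HOTP where the counter is the current time step."""
    return hotp(secret, unix_time // STEP)


def verify_totp(secret, code, server_time, window=1):
    """Accept codes from `window` steps either side of the server's current step."""
    step = server_time // STEP
    return any(hmac.compare_digest(hotp(secret, step + d), code)
               for d in range(-window, window + 1) if step + d >= 0)


def verify_hotp(secret, code, counter, look_ahead=2):
    """Return the next counter to store on success, or None. Time plays no part."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1
    return None


if __name__ == "__main__":
    issued = 59  # constructed timestamp (RFC 6238 test vector time)
    code = totp(SECRET, issued)
    for delay in (10, 45, 120):  # seconds between generating and entering the code
        ok = verify_totp(SECRET, code, issued + delay)
        print(f"TOTP entered {delay:>3}s after issue: {'accepted' if ok else 'rejected'}")
    print("HOTP counter 0, any delay, next counter:", verify_hotp(SECRET, hotp(SECRET, 0), 0))
```

Storing the counter returned by `verify_hotp` is what stops a used HOTP code from being accepted a second time.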