• Resolved peopleinside

    (@peopleinside)


    Hi,
    I configured Shield Security to require 2 factor by email, but I want to allow those who want to configure the more secure Google Authenticator to disable the two factor by email, which can be less secure.

    I see that in my profile, when I activate Google Auth, the email two factor is still active and I cannot disable it. Maybe this was done by you because if a user cannot access the app code, as there is no recovery code in the free version, the user can request an email, but this is less secure. I usually configure the Google app because it is more secure, but when I log in I have both options. This is not very good for security.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support Jelena

    (@jmisic)

    Hi,

    Thanks for your questions.

    Shield Security provides solid login security protection for WordPress sites. It effectively thwarts brute force login attempts through simple, non-intrusive methods while ensuring the verification of all logged-in users. Many of Shield’s features are available for free. However, some advanced ones are reserved for the Pro version, as these help support the ongoing development of Shield.

    Regarding email-based 2FA, you can’t disable it for your user profile because, based on your settings, you are enforced to use it.

    If you don’t want to use it and want to disable it for your profile completely, you’ll need to remove the “administrator” user role from the 2FA settings. If you’d like to have the ability to choose whether to use it or not, you’ll need the Pro option. So:

    1. Enforce for Specific User Roles: This is based on user roles. You can require certain user roles to use 2FA by email. Users with the roles specified on the list in settings won’t have the option to disable it from their profile. They must use it for their login.

    2. 2FA-Allow Any User (Pro): Based on user account (username).
    Users with roles not specified in the first option can choose to use 2FA by email or not. These users will not be enforced to use it. They can disable or enable it on their user profile, whatever they prefer.

    Google Auth is based on the user account (username) and it’s an optional option.
    It is a separate option and not connected to the 2FA by email in any way.
    Users can’t be enforced to use it for their login, though this is on our feature roadmap for future releases. When you turn on the Google Auth system in settings, all users, regardless of their roles, can decide if they want to use it or not. The configuration settings will be available on their user Profile.

    Since you’re running Shield Free, you can

    1. 2FA by email: Choose the user roles that must use this option. List those roles on the Enforce-Email Authentication list.
    2. The user roles that are not on the list will have 2FA by email disabled – not available on their user Profile at all. They will not be required to verify their login with 2FA by email and can use Google Auth only instead. But you can’t enforce them to use Google Auth; it’s optional.

    Users (user roles) that are enforced for 2FA by email can also add an extra Google Auth layer.

    Hope this helps…

    Regards,

    Jelena

    Thread Starter peopleinside

    (@peopleinside)

    In this case I have to use another extension for two factor. Thanks for the clarification, but these are exactly the issues I found; as just explained here, it is working this way for you.

    I was hoping your extension would force users with some roles to have at least one 2 factor, so email, and when app auth is used and configured, email is turned off automatically. But this will require having backup codes, which are a premium feature.

    Great, I mark this as resolved.

  • The topic ‘Disable 2 factor from email and keep only Authenticator Google’ is closed to new replies.