First, you need to understand what exactly 2-Factor Authentication is - you can read the first part of this blog post here explaining that.
Note: This option/feature is no longer applicable to the latest version of the Shield Security plugin and is here for reference purposes only.
Shield Security can provide 2-factor authentication to your site based on the IP address of the connecting visitor.
So, when 2-factor authentication is enabled by IP address, and user attempts to log into their account, the system will ask:
- What is the IP address of the connecting user. (you can find your IP address, for example, by going here)
- It will then look up the database and ask - has this username validated their identity while connected to the site using that IP address?
If the answer is 'Yes', then the login will be permitted.
If the answer is 'No', login will be temporarily rejected, and an email sent to that user's registered email address asking them to click a verification link.
This effectively tells the firewall that:
- The username with that email address, connecting to the site from that new IP address is actually who they say they are
And this is the power of 2-Factor Authentication by IP address.
When Not To Use This Feature
This feature shouldn't be used if user accounts on a site are shared amongst multiple people, that connect from different locations (IP Addresses). Each login attempt will invalidate any previous session.