For a while now I’ve used two-factor authentication with my Google Apps account. That is the combination of something you know – your password – and something you have – in this case a free App for your smartphone that generates a new six-digit code every thirty seconds.
What I didn’t realise was that it was an open-source project that you could implement on any website or service that you cared to and that someone has helpfully created a WordPress plugin that does exactly that.
In the current version (0.38) there seems to be a bug where you can’t have spaces in the description field, but other than that it works a treat and I’ve already installed it on a couple of WordPress sites I run.
Note: the plugin requires SHA1 and SHA256 hashing algorithms to be available on the server. Helpfully it will check for these when it activates, so you don’t have to worry about tracking them down if your not sure.