The Heartbleed bug was one of the worst online security vulnerabilities in recent memory, allowing an attacker to read chunks of a server’s memory that might contain private keys, authentication credentials, and other sensitive data. In the wake of Heartbleed, it’s a good time for WordPress site owners to audit their security procedures and implement mechanisms for keeping their site and its users safe. Two-factor authentication is one easy-to-implement security strategy that makes life more difficult for hackers.
The normal username / password combination can be thought of as one-factor authentication. There is one secret token that will grant access to the site. Two-factor authentication adds another token, which can be generated in various ways: most commonly by using an application to provide a one-time password, a physical token like a Yubikey, or a biometric factor like a fingerprint.