I recently began using Two Factor authentication, along with SSLs and Google reCAPTCHA as a matter of SOP for website clients. Security is more important now than ever and simply relying on standard security measures like user names and passwords just don't cut it.
Personally, I like to stick with the big brand and mainstream products because I feel they are better maintained and reliable. I don't have the time and luxury to support the bug fixes, trials
I decided on a particular plugin for WordPress sites when I happened upon the Two Factor plugin by George Stephanis and realized this was the same person that had written a blog post that I had also just read while researching the issue of two-step authentication for WordPress. Then I found the GitHub page for it and put it all together. George works with Automattic!
Automattic is the official authority for wordpress.com, these are the guys that make it all happen and it doesn't get more official than this where plugins are concerned. I'm already sold, but that isn't the best part. I found that this plugin is actually the development platform for the Two Factor authentication that will become part of the WordPress core, meaning part of the actual product itself.
For now, here is my contribution. I have created a short video about how to setup the plugin using the FIDO U2F key by Yubico. In future blog posts, I will cover the Authy extension for Google Chrome, and how to generate Backup Codes in case you lose your key(s) or Authy stops working for whatever reason.