WP Engine, the provider of the WordPress hosting platform (on which this site runs), has now embraced two-factor authentication via Google Authenticator.

It’s a relatively simple yet effective means of improving security for WordPress users, turning their phones into security keys. To activate it, a user needs only to download the Google Authenticator app and to turn on two-factor authentication in the WP Engine User Portal. From there, WP Engine will send the user a QR code which, once entered, will sync the phone with that user’s WP Engine account. From there, Google Authenticator will provide new QR codes via the user’s smartphone to enable the extra layer of authentication.

While users who opt in to the free service will still have the option to stick with the same second-factor login for 30 days at a time, as stored on their phones, even that would represent a substantial improvement over the traditional username an password login architecture.

Announcing the new security option on the company’s blog, WP Engine Director of Security Eric Murphy explained that “the best offense is a good defense,” and urged users to “build up your defense with two-factor authentication and protect your account, your sites, and your business.”