We have plugin specially made for that purpose. More about it you can find in the WordPress plugins page: WordPress.org
Six simple steps to ultimate security:
Step 1: Prepare your Notakey authentication server (on-prem or in cloud)
Step 3: Activate both WordPress plugins
Step 4: Create new Application and API access credentials in the Notakey appliance dashboard or choose exiting ones. You can use this WCP guide to do this. For access credentials use these scopes: urn:notakey:auth urn:notakey:usermanager urn:notakey:user urn:notakey:devicemanager
Remember to add Onboarding requirements. I am using “Phone number” onboarding type. User will receive sms with code after onboarding process will be initiated.
Step 5: Configure Notakey Two Factor extension plugin in your WordPress instance. Settings -> Notakey MFA
In the Authentication server tab fill-up all fields
You can find required values in Notakey Authentication Server Dashboard.
Service url: https://your_notakey_server.com
Client ID: Copy value from access credentials in Notakey dashboard
Client Secret: Click on the edit on the right side of your access credential and copy the secret
Service ID: Find it in your application->settings
Service Domain: Same as service url (if you do not have DNS SRV record)
Step 6: Onboard users. Download Notakey Authenticator on your mobile device. Log in into your WordPress server. Go to Users-> Two-Factor Options and push on Start onboarding. Enter your phone number or whatever onboarding settings were set in the Notakey Authentication Server, then push on Update settings. New user will be created in The Notakey Authentication Server.
Now scan QR code. Service domain will be added automatically to the Notakey Authenticator -> Services and onboarding window will be opened. Proceed with values you just set. After successful onboarding start to use your phone as a second factor.