WordPress.org


Ideas

2 step verification

  1. Akemi_Mokoto
    Member

    I think it would be a good idea for WordPress to give users the ability to set up 2-step verification to greatly decrease the odds of being hacked. Allow users to do the double log-in by first entering their password on their self-hosted WordPress blog, THEN require them to either enter a code sent to their email or cell phone (preferably) in order to log in, AND keep tabs on the IP logins to that WordPress blog.

    Posted: 1 year ago #
  2. McDragon
    Member


    I agree. I think this functionality should be built in and robust and also support the mobile apps.
    There has been a lot of publicity about WP security and I think 3.7 goes a step forward, but you should have also implemented 2-level authentication.

    Posted: 8 months ago #
  3. Ipstenu (Mika Epstein)
    Administrator

    At this time, we can't do it because we don't have something that works 100% on all server setups. So you're in plugin land for now.

    Once we can make it work on shared hosts around the world, this may change, but there are server requirements we just don't have yet.

    Posted: 8 months ago #
  4. netik
    Member

    I'm unsure why this wouldn't work everywhere. We can do this in a server-agnostic way.

    We have the following available to us:

    1) Open source crypto code for key generation and storage -- the HMAC_TOTP Algorithm is widely known

    2) HTML5 Canvas based display of QR Codes. (no need for PHP or imagemagick)

    3) Google Authenticator, free everywhere on all mobile devices.

    I would be willing to write this code and submit a patch. I'm new to working on WordPress but I'm a seasoned developer and lead Twitter's security team. This would not be new ground for me.

    Posted: 5 months ago #
  5. Ipstenu (Mika Epstein)
    Administrator

    #3 makes a massive presumption.

    Does every WP user have a mobile device?

    Does every WP user have a mobile device capable of using GA?

    Does every WP user want to use Google's brand of authentication?

    We have this plugin: http://wordpress.org/plugins/google-authenticator/

    I think it handles things pretty well for everyone who needs that. If you can fix the server agnosticism (and remember we're talking Windows, Linux, Apache, nginx, every flavor of PHP from 5.2 on up and so on), that's a great leap! But it's going to be a while before this would land in core because the TFA requirements of a cell phone that can handle it aren't there yet :/

    Posted: 5 months ago #
  6. netik
    Member

    Let's take a step back.

    What I'm saying is to have a stronger basic security feature set available in the core product. At a minimum, have IP whitelists for wp-admin. If we take the approach of security by default instead of 'security when you remember to install a plugin', we make the Internet more secure in general.

    For #3:

    You're right. 2FA is an advanced topic. But...

    I think it's safe to assume that a very high percentage of WP users have mobile devices. Even if they don't, that's no reason not to support the aforementioned IP restrictions in code.

    GA requires an Android or iPhone, but here's the best part: It's wrong to assume that this is Google branded authentication.

    It's an open RFC that Duo, Google, and many others support, and the reason why I suggest it is because of its openness. Anyone can write code to make it go and there are literally hundreds of vendors that sell tokens for the service.

    HOTP and TOTP:
    http://tools.ietf.org/html/rfc6238

    Posted: 5 months ago #
  7. Ipstenu (Mika Epstein)
    Administrator

    "At a minimum, have IP whitelists for wp-admin."

    You mean block everyone BUT certain IPs? Because if you're thinking the htaccess block like that, it's a bloody nightmare to support.

    I'm not disagreeing it would make things more secure, I'm just picturing the first time someone tries to log in from mom's computer and can't, and doesn't know how to fix it. Who do they contact? The webhost?

    "GA requires an Android or iPhone, but here's the best part: It's wrong to assume that this is Google branded authentication."

    Oh I know, but the iOS app is GA's (I presume the Android one is as well). Now WP could put that in their app instead, which would be nifty.

    But we're still back to the presumption that people could use 2FA on their phones.

    "I think it's safe to assume that a very high percentage of WP users have mobile devices."

    I think a high percentage isn't enough, when you may be crippling your product for the rest :)

    This would absolutely have to be optional and set to off, because if it's on and people can't get in, well... Also is this even accessible to people who can't see? We're not even talking about folks who don't have phones, or mobile phones capable of this sort of thing. China? Africa? They have enough issues as is.

    Posted: 5 months ago #
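The wp-admin IP whitelist netik proposes and Ipstenu pushes back on is simple as an .htaccess rule, but an application-level check has one trap worth showing: behind a reverse proxy or CDN the socket peer is the proxy, and `X-Forwarded-For` is attacker-controlled unless the hop that sent it is trusted. The following is an added example written for this page, not WordPress code and not from either poster; `client_ip`, `admin_allowed` and the address ranges are constructed for illustration. It trusts the header only when the TCP peer is a configured proxy and walks the hops right to left, stopping at the first address a trusted proxy did not add.

```python
import ipaddress
from typing import Iterable, Optional


def _networks(cidrs: Iterable[str]):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def client_ip(remote_addr: str, x_forwarded_for: Optional[str],
              trusted_proxies: Iterable[str]) -> ipaddress._BaseAddress:
    """Resolve the real client address.

    X-Forwarded-For is honoured only when the socket peer is one of our own
    proxies. Proxies append the address they saw, so the rightmost hop not
    belonging to us is the client; anything left of it may have been supplied
    by the client and is ignored. Malformed header values fall back to the
    socket peer rather than to any attacker-chosen string.
    """
    peer = ipaddress.ip_address(remote_addr)
    trusted = _networks(trusted_proxies)

    def is_proxy(addr) -> bool:
        return any(addr in net for net in trusted)

    if not x_forwarded_for or not is_proxy(peer):
        return peer
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer
        if not is_proxy(addr):
            return addr
    return peer   # every hop was one of ours; treat the proxy itself as client


def admin_allowed(remote_addr: str, x_forwarded_for: Optional[str],
                  allowlist: Iterable[str], trusted_proxies: Iterable[str] = ()) -> bool:
    """True if the resolved client address is inside any allowlisted CIDR.
    IPv4 and IPv6 entries may be mixed; a v6 address never matches a v4 range."""
    addr = client_ip(remote_addr, x_forwarded_for, trusted_proxies)
    return any(addr in net for net in _networks(allowlist))


if __name__ == "__main__":
    # Constructed requests: a direct hit and one via an internal proxy.
    print(admin_allowed("203.0.113.7", None, ["203.0.113.0/24"]))
    print(admin_allowed("10.0.0.2", "203.0.113.7", ["203.0.113.0/24"],
                        trusted_proxies=["10.0.0.0/8"]))
```

Ipstenu's lockout scenario still applies: whoever enables a rule like this needs a recovery path that does not go through wp-admin (the .htaccess file itself, or the host), which is exactly why it is hard to ship switched on.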


  • Rating: 3 Votes
  • Status: This is plugin territory