WordPress.org

Ready to get started?Download WordPress

Forums

Two Factor Auth
[resolved] a little confused (6 posts)

  1. corelan
    Member
    Posted 1 year ago #

    Hi,

    Would it be possible to add some info on how to use the OTP feature in the login page ? People seem to be confused by the button that asks them to enter the OTP key... It would be better if the page indicates that they have to click the button to generate the key; and they have to check their mailbox to get the key

    http://wordpress.org/extend/plugins/two-factor-auth/

  2. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Yes, it's on my todo list.
    I will write a small text above the button with some explanation for whats going on and why the button is there.
    Will be released later this week.

  3. corelan
    Member
    Posted 1 year ago #

    thanks

    would it also be possible to provide a switch to disable two factor for xmlrpc ? It looks like windows live writer doesn't play nice with the plugin.
    thanks

  4. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    Ah, yes, I'll look into fixing the XMLRPC issue.
    Thanks.

  5. oskarhane
    Member
    Plugin Author

    Posted 1 year ago #

    In the new version (4.2.2) Two Factor Auth for XMLRPC is disabled by default. There is a switch under "Settings"->"Two Factor Auth" to turn it on.

    There is also a new small text by the OTP-field on the login text advising users to check their email.

  6. corelan
    Member
    Posted 1 year ago #

    thanks for the updates

    may I suggest one more change ? Right now, the users may still be confused about the text of the button itself... I guess it would make sense to indicate that they need to click the button to generate / send the OTP code...

    Alternatively, maybe it would even make sense to ask users to enter the OTP on a separate page, *after* they have authenticated... that way you can simply send the OTP without even asking users to click the button; and only after the user has been authenticated already...

    Not sure if that is possible tho without causing other security issues... was just thinking out loud

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.