Ready to get started?Download WordPress


OTP and Passwords for Google Authenticator, McAfee, DS3 ...
summary - yes, do OTPs! (1 post)

5 stars
  1. Dan Cvrcek
    Plugin Author

    Posted 1 year ago #

    Let me be straight - this is a self-review. The reason - to give you some confidence.

    And to get you thinking why not to use this plugin and 2 factor authentication.

    • We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
      • The login page is the same and you can decide whether you want to use a password or an OTP.
      • You can still use your password in our office / home and OTP when you are in town or at the airport or ...
      • Anyone can scan an QR code to Google Authenticator, or type their own new secret (aka seed) when they want - in their Profile (top right corner with your name)
    • Security Part A - Absolute Strength
      • Average static password has the strength of a 3.2 characters' long random string.
      • 6 digit OTP is like 3.2 characters' long random string (for 8 digits it is 4.4 characters), when you add a PIN (4 digits), you get 5.3 characters.
      • Actually, 5.3 random characters translates to billion of guesses to find the right one.
    • Security Part B - Why Is 6 Digit OTP Better Than Average Password.
      • The chance someone guesses it is the same.
      • Hackers usually use robots to find passwords - store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
      • Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
    • Security Part C - Insecure Networks.
      • Do you sometime want to login to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
      • It is much safer to use OTPs when you use someone else's endpoint network.
    • No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!

    Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles - to get your digital key that you can use for strong static passwords as well.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.