Plugin Directory

Test out the new Plugin Directory and let us know what you think.
!This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

OTP and Passwords for Google Authenticator, McAfee, DS3 ...

Easy secure login, use password or OTP as you need. Works with Smart Crib dongles and free apps: Google Authenticator, Pledge, DS3 OATH, AuthWay Token

From version 2.0, we support TOTP (Time OTP) as well as HOTP (Event/counter OTP) versions of one-time passwords. The plugin also enforces a password policy for short or weak passwords (based on real hacking attacks).


  1. Password S-CRIB (Smart Crib).
  2. Yubikey (Yubico).
  3. ... let us know which you'd like us to test.


  1. Google Authenticator (iTunes).
  2. McAfee Pledge (by Nordic Edge AB) (iTunes, McAfee).
  3. DS3 OATH (iTunes, Android Apps, DS3 Global).
  4. AuthWay Token (iTunes).
  5. OTP (by GMB eyeT Ltd) (iTunes).
  6. HDE OTP (iTunes).
  7. OTP Auth (iTunes).
  8. .... let us know if you want us to test any other.

"OTP and Passwords" for WordPress works with Smart Crib (Password S-CRIB), Google Authenticator, Pledge (McAfee), DS3 OATH, AuthWay Token, and other OTP generators. It creates QR codes (Google Authenticator or Pledge) and also allows to type OTP secrets manually.

"OTP and Passwords" introduces one time password (OTP) authentication into WordPress (we now support counter/event mode as well as time-based OTP according to standard OATH). The plugin has been design for use with Password S-CRIB dongles but we also tested it with Google Authenticator (iOS, Android), Pledge (iOS, Android), DS3 OATH (iOS, Android), and AuthWay Token. It is compliant with RFC4226 and RFC 6238 when the OTP code can be 6, 7, or 8 digits long.

You can enable OTP on your account through "Edit My Profile" page (accessible from top right corner when logged in). Administrators can do the same for other users by selecting their names from from the list of users

You can set OTP secret as well as PIN - highly recommended as the minimum length of OTP codes should be 10 digits! When PIN is set, users get a full 2 factor authentication. The PIN can be any string of up to 32 characters - so you can use a password as the PIN.

To login, just enter your PIN (if set) and OTP code into the password box. Your previous static password will still work so you can use it to login if/when you want.

OTP login will require an additional OTP code if there were 5 (6-digit OTP) or 10 (7 and 8 digit OTP) unsuccessful tries. This is a new policy replacing timeouts. It turns out that the internet is indeed a toxic place and OTP authentication got locked-down way too often.

You can purchase Password S-CRIB from Amazon UK (+26 EU countries), Amazon US or Paypal.

Requires: 3.0 or higher
Compatible up to: 3.9.0
Last Updated: 3 years ago
Active Installs: 30+


4.3 out of 5 stars


Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1