Support » Plugin: Google Authenticator » Great for security

  • Just giving 4 stars, because of:
    * undocumented feature “use app password” – what does it do??
    * I’d prefer a 2nd login page for the time based password, so unauthenticaed users dont see you’re using this plugin.

    Otherwise it is an excellent plugin which greatly enhances your security. Very much recommended!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Samuel Wood (Otto)

    (@otto42) Admin

    The “App Password” is needed if you use a mobile application like the WordPress for Android or iPhone.

    In 2-factor authentication, you use your normal password and the numeric password from the device. However, if you use the mobile applications, they have no way to input that second password. So using the plugin will, by default, make those mobile application logins fail.

    Google 2-factor authentication supports setting up a password on a per-application basis. You can go to your google accounts screen and create those passwords, then copy them down somewhere and use them to login for apps that don’t support the 2nd factor. In this case, you would enable the app password, create an app password specifically for mobile use on your blog, and then copy it in this field.

    Doing this effectively disables the 2-factor authentication for the mobile device apps like WordPress for Android and iPhone (or anything using XMLRPC, in fact). However, if you later want to cut off all access via that route, you can just go to Google accounts and immediately invalidate that password, and thus the mobile apps will be cut off. So this is still slightly more secure by giving you that cutoff point.

    I see. I know these application specific passwors. I just got confused by “app password” instead of “application specific password”.

    Now it’s clear to me – thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Great for security’ is closed to new replies.