Thanks for producing this plugin.
I hope you don’t mind me saying that I believe the following 3 features would make this good plugin near perfect:
#1. Remember that the user has logged in successfully from a machine for 30 days if the ‘remember me’ on the login screen is ticked. In that case, require that they still enter the password, but don’t require them to enter the authenticator code. On a public terminal the user doesn’t tick remember me; on their home machine they tick remember me and for 30 days they don’t have to enter the authenticator code. Settings page for system-wide enable/disable of this feature, and to enable setting the number of days the cookie should last for. It might also be nice to give different machines different cookie values for a given user. Could then have the option to list the machines in the user profile page and have the ability to ‘revoke’ the remember for a specific machine.
#2. Settings page that allows system wide ‘force’ users to enable this on next login. Could enable/disable this on a per role basis, so for example you could have admins, authors etc forced to have it but subscribers allowed to make their own choice.
#3. Generate, for each user, a 16 character ‘backup’ code which can be used in place of the authenticator code during login, and emphasise the idea that this should be written down and stored in a safe place. Gives you ultimate recovery should you have a problem with your phone.
At the moment, although I love this plugin and have it installed on sites for which I am the exclusive user, it is ‘becoming tedious’ very quickly. Suggestion #1 alone would make it much more useable if, for example, it only checked the code every 10th day or so.
Thoughts – comments – suggestions appreciated.
And thanks again for your efforts.
- The topic ‘[Plugin: Google Authenticator] Good start, but these features would make it great’ is closed to new replies.
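
One way the per-machine ‘remember me’ from suggestion #1 could work, as an added example that is not part of the original post and not the plugin's code: each machine gets its own random cookie value, the server keeps only a hash of it with an expiry, and a single machine can be listed and revoked. The class and method names, the in-memory store and the Python language choice are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

REMEMBER_DAYS = 30  # admin-configurable lifetime from suggestion #1


class RememberedDevices:
    """Hypothetical server-side store of per-device tokens that skip only the authenticator code."""

    def __init__(self, days=REMEMBER_DAYS):
        self.ttl = days * 86400
        self.records = {}  # device_id -> (user, sha256(token), expires_at, label)

    def remember(self, user, label, now=None):
        """Call only after password AND authenticator code succeeded with 'remember me' ticked."""
        now = time.time() if now is None else now
        device_id = secrets.token_hex(8)    # public handle shown on the profile page
        token = secrets.token_urlsafe(32)   # secret part, never stored in clear
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.records[device_id] = (user, digest, now + self.ttl, label)
        return f"{device_id}:{token}"       # cookie value; send it HttpOnly and Secure

    def can_skip_code(self, user, cookie, now=None):
        """True only for an unexpired, unrevoked device belonging to this user."""
        now = time.time() if now is None else now
        device_id, _, token = (cookie or "").partition(":")
        rec = self.records.get(device_id)
        if rec is None:
            return False                    # unknown or revoked device
        owner, digest, expires_at, _ = rec
        if now >= expires_at:
            del self.records[device_id]     # expired: forget it, ask for the code again
            return False
        presented = hashlib.sha256(token.encode()).hexdigest()
        return owner == user and hmac.compare_digest(presented, digest)

    def list_devices(self, user):
        """Device ids and labels for the user's profile page."""
        return {d: r[3] for d, r in self.records.items() if r[0] == user}

    def revoke(self, user, device_id):
        """Remove one remembered machine; that machine must enter the code next time."""
        rec = self.records.get(device_id)
        if rec and rec[0] == user:
            del self.records[device_id]
            return True
        return False
```

The password check stays outside this class and still runs on every login; `can_skip_code` only decides whether the authenticator prompt is shown.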