Rublon Two-Factor Authentication
Suggestion: add roles & capabilities support (3 posts)

  1. Alvaro Degives-Mas
    Posted 2 years ago #

    I'm increasingly impressed with the philosophy of use of Rublon; to me it's really two-factor authentication (TFA) for the rest of us (pardon the riff off Apple's original claim of surprisingly effective simplicity). I love it and hope it attracts a lot of users because it's truly PERFECT for us security-minded site administrators in providing login security without too much hassle for the user.

    Now, if you'll allow me, I have a suggestion. The WordPress system permits granting plugins per-user right to use, depending on that user's role / capabilities. So, why not add something so that the top-level user, the administrator, can select which roles (categories of users) may use Rublon, or indeed must use Rublon? It makes sense to mandate use of Rublon's TFA for higher-level users.

    So, the suggestion is to add an option in the control panel for (only) the site administrator to select (via checkboxes) which roles must use Rublon, and which ones may use it. I believe that especially the possibility of making use of Rublon mandatory for certain level of users (e.g. editors, authors) is very useful, in a multi-user (cooperative) type blog.


  2. Rublon
    Plugin Author

    Posted 2 years ago #

    Hi Alvaro

    Thank you very much for your kind words. Vint Cerf, one of the fathers of the Internet, recently asked everybody who's building any platform that involves identifying users, to "please use two-factor authentication". This security mechanism will become ubiquitous in a few years. Our goal is to make two-factor authentication as seamless as possible.

    Your suggestion about adding roles & capabilities support is great. Thank you! We will be looking into this and will definitely implement this in one of our future releases.

    Best regards

    Michal Wendrowski
    [sig moderated as per the Forum Rules]

  3. Ivica Delic
    Posted 2 years ago #

    This seems as fantastic security concept/product for WP. I see that users on W.org are thrilled and giving the highest grades, but as I just discovered Rublon I didn't have a chance, yet, to test it. I'll do it as son as possible (on my test site).

    In the meantime I support Alvaro's request - it would be fantastic to be able to mandate use of Rublon for web sajts administrators (and some other roles), but not to mandate it for (let's say) subscribers or similar (administrators to choose). This is for example extremely important if you have web shop and you ask your customers to create account before buying... in this case they would have to use Rublon to login which would (for sure) reduce sales.
    Therefore, thank you guys very much for your planning to add this option in some next release.


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Rublon Two-Factor Authentication
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic