WordPress.org

Forums

  1. Dan Cvrcek
    Member
    Plugin Author

    Posted 1 year ago #

    Let me be straight - this is a self-review. The reason - to give you some confidence.

    And to get you thinking why not to use this plugin and 2 factor authentication.

    • We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
      • The login page is the same and you can decide whether you want to use a password or an OTP.
      • You can still use your password in your office / home and OTP when you are in town or at the airport or ...
      • Anyone can scan a QR code to Google Authenticator, or type their own new secret (aka seed) when they want - in their Profile (top right corner with your name).
    • Security Part A - Absolute Strength
      • The average static password has the strength of a 3.2-character-long random string.
      • A 6-digit OTP is like a 3.2-character-long random string (for 8 digits it is 4.4 characters); when you add a PIN (4 digits), you get 5.3 characters.
      • Actually, 5.3 random characters translates to billion of guesses to find the right one.
    • Security Part B - Why Is 6 Digit OTP Better Than Average Password.
      • The chance someone guesses it is the same.
      • Hackers usually use robots to find passwords - store them in a file to use later. Guess what, a stored OTP will not work as it can be used only once.
      • Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
    • Security Part C - Insecure Networks.
      • Do you sometimes want to log in to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
      • It is much safer to use OTPs when you use someone else's endpoint network.
    • No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!

    Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles - to get your digital key that you can use for strong static passwords as well.

About this Plugin

  • OTP and Passwords for Google Authenticator, McAfee, DS3 ...