Let me be straight - this is a self-review. The reason - to give you some confidence.
And to get you thinking why not to use this plugin and 2 factor authentication.
- We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
- The login page is the same and you can decide whether you want to use a password or an OTP.
- You can still use your password in our office / home and OTP when you are in town or at the airport or ...
- Anyone can scan an QR code to Google Authenticator, or type their own new secret (aka seed) when they want - in their Profile (top right corner with your name)
- Security Part A - Absolute Strength
- Average static password has the strength of a 3.2 characters' long random string.
- 6 digit OTP is like 3.2 characters' long random string (for 8 digits it is 4.4 characters), when you add a PIN (4 digits), you get 5.3 characters.
- Actually, 5.3 random characters translates to billion of guesses to find the right one.
- Security Part B - Why Is 6 Digit OTP Better Than Average Password.
- The chance someone guesses it is the same.
- Hackers usually use robots to find passwords - store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
- Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
- Security Part C - Insecure Networks.
- Do you sometime want to login to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
- It is much safer to use OTPs when you use someone else's endpoint network.
- No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!
Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles - to get your digital key that you can use for strong static passwords as well.