• Plugin Author Dan Cvrcek


    Let me be straight – this is a self-review. The reason – to give you some confidence.

    And to get you thinking why not to use this plugin and 2 factor authentication.

    • We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
      • The login page is the same and you can decide whether you want to use a password or an OTP.
      • You can still use your password in our office / home and OTP when you are in town or at the airport or …
      • Anyone can scan a QR code to Google Authenticator, or type their own new secret (aka seed) when they want – in their Profile (top right corner with your name)
    • Security Part A – Absolute Strength
      • The average static password has the strength of a 3.2-character-long random string.
      • A 6-digit OTP is like a 3.2-character-long random string (for 8 digits it is 4.4 characters); when you add a PIN (4 digits), you get 5.3 characters.
      • Actually, 5.3 random characters translates to billions of guesses to find the right one.
    • Security Part B – Why Is a 6-Digit OTP Better Than an Average Password.
      • The chance someone guesses it is the same.
      • Hackers usually use robots to find passwords – store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
      • Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
    • Security Part C – Insecure Networks.
      • Do you sometimes want to log in to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
      • It is much safer to use OTPs when you use someone else’s endpoint network.
    • No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!

    Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles – to get your digital key that you can use for strong static passwords as well.

  • The topic ‘summary – yes, do OTPs!’ is closed to new replies.