Ready to get started?Download WordPress

Plugin Reviews

OTP and Passwords for Google Authenticator, McAfee, DS3 ...

Easy secure login, use password or OTP as you need. Works with Smart Crib dongles and free apps: Google Authenticator, Pledge, DS3 OATH, AuthWay Token

3 reviews
Average Rating
4.3 out of 5 stars
Username / password + OTP
By , for WP 4.0

I think this is great in the way it is. However I would like to have an option to use both password and otp to require login.

If someone gets ahold of my OTP device/software used for authentication, this OTP can still allow them to login without knowing the password.

So i am requesting that requiring both username/password and otp to be entered so that the above example cannot be done.

Great support
By , for WP 3.8.3

I had some issues when installing the plugin. I emailed the support contact and Dan helped me resolve the problem quickly. Very professional.

summary - yes, do OTPs!
By Plugin Author, for WP 3.5.1

Let me be straight - this is a self-review. The reason - to give you some confidence.

And to get you thinking why not to use this plugin and 2 factor authentication.

  • We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
    • The login page is the same and you can decide whether you want to use a password or an OTP.
    • You can still use your password in our office / home and OTP when you are in town or at the airport or ...
    • Anyone can scan an QR code to Google Authenticator, or type their own new secret (aka seed) when they want - in their Profile (top right corner with your name)
  • Security Part A - Absolute Strength
    • Average static password has the strength of a 3.2 characters' long random string.
    • 6 digit OTP is like 3.2 characters' long random string (for 8 digits it is 4.4 characters), when you add a PIN (4 digits), you get 5.3 characters.
    • Actually, 5.3 random characters translates to billion of guesses to find the right one.
  • Security Part B - Why Is 6 Digit OTP Better Than Average Password.
    • The chance someone guesses it is the same.
    • Hackers usually use robots to find passwords - store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
    • Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
  • Security Part C - Insecure Networks.
    • Do you sometime want to login to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
    • It is much safer to use OTPs when you use someone else's endpoint network.
  • No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!

Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles - to get your digital key that you can use for strong static passwords as well.

You must log in to submit a review. You can also log in or register using the form near the top of this page.