WordPress.org

Plugin Reviews

OTP and Passwords for Google Authenticator, McAfee, DS3 ...

Easy secure login, use password or OTP as you need. Works with Smart Crib dongles and free apps: Google Authenticator, Pledge, DS3 OATH, AuthWay Token

2 reviews
Average Rating
4.3 out of 5 stars
You are currently viewing the reviews that provided a rating of 5 stars. Click here to see all reviews.
Great support
By , for WP 3.8.3

I had some issues when installing the plugin. I emailed the support contact and Dan helped me resolve the problem quickly. Very professional.

summary - yes, do OTPs!
By Plugin Author, for WP 3.5.1

Let me be straight - this is a self-review. The reason - to give you some confidence.

And to get you thinking why not to use this plugin and 2 factor authentication.

  • We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
    • The login page is the same and you can decide whether you want to use a password or an OTP.
    • You can still use your password in our office / home and OTP when you are in town or at the airport or ...
    • Anyone can scan an QR code to Google Authenticator, or type their own new secret (aka seed) when they want - in their Profile (top right corner with your name)
  • Security Part A - Absolute Strength
    • Average static password has the strength of a 3.2 characters' long random string.
    • 6 digit OTP is like 3.2 characters' long random string (for 8 digits it is 4.4 characters), when you add a PIN (4 digits), you get 5.3 characters.
    • Actually, 5.3 random characters translates to billion of guesses to find the right one.
  • Security Part B - Why Is 6 Digit OTP Better Than Average Password.
    • The chance someone guesses it is the same.
    • Hackers usually use robots to find passwords - store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
    • Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
  • Security Part C - Insecure Networks.
    • Do you sometime want to login to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
    • It is much safer to use OTPs when you use someone else's endpoint network.
  • No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!

Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles - to get your digital key that you can use for strong static passwords as well.

You must log in to submit a review. You can also log in or register using the form near the top of this page.