OTP And Passwords For Google Authenticator, McAfee, DS3 … Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
From version 2.0, we support TOTP (Time OTP) as well as HOTP (Event/counter OTP) versions of one-time passwords. The plugin also enforces a password policy for short or weak passwords (based on real hacking attacks).
SUPPORTED HARDWARE TOKENS
- Password S-CRIB (Smart Crib).
- Yubikey (Yubico).
- … let us know which you’d like us to test.
SUPPORTED SOFTWARE TOKENS / APPS
- Google Authenticator (iTunes).
- McAfee Pledge (by Nordic Edge AB) (iTunes, McAfee).
- DS3 OATH (iTunes, Android Apps, DS3 Global).
- AuthWay Token (iTunes).
- OTP (by GMB eyeT Ltd) (iTunes).
- HDE OTP (iTunes).
- OTP Auth (iTunes).
- …. let us know if you want us to test any other.
“OTP and Passwords” for WordPress works with Smart Crib (Password S-CRIB), Google Authenticator, Pledge (McAfee), DS3 OATH, AuthWay Token, and other OTP generators. It creates QR codes (Google Authenticator or Pledge) and also allows to type OTP secrets manually.
“OTP and Passwords” introduces one time password (OTP) authentication into Wordpress (we now support counter/event mode as well as time-based OTP according to standard OATH). The plugin has been design for use with Password S-CRIB dongles but we also tested it with Google Authenticator (iOS, Android), Pledge (iOS, Android), DS3 OATH (iOS, Android), and AuthWay Token. It is compliant with RFC4226 and RFC 6238 when the OTP code can be 6, 7, or 8 digits long.
You can enable OTP on your account through “Edit My Profile” page (accessible from top right corner when logged in). Administrators can do the same for other users by selecting their names from from the list of users
You can set OTP secret as well as PIN – highly recommended as the minimum length of OTP codes should be 10 digits! When PIN is set, users get a full 2 factor authentication. The PIN can be any string of up to 32 characters – so you can use a password as the PIN.
To login, just enter your PIN (if set) and OTP code into the password box. Your previous static password will still work so you can use it to login if/when you want.
OTP login will require an additional OTP code if there were 5 (6-digit OTP) or 10 (7 and 8 digit OTP) unsuccessful tries. This is a new policy replacing timeouts. It turns out that the internet is indeed a toxic place and OTP authentication got locked-down way too often.
You can purchase Password S-CRIB from Amazon UK (+26 EU countries), Amazon US or Paypal.
Screenshots
-
Sample login page
-
Configuration in the user profile page
-
Warning when an additional OTP code is required