Two-Factor Authentication
Secure your WordPress login with this two-factor authentication (TFA / 2FA) plugin. Users for whom it is enabled need a one-time code in order to log in. From the makers of UpdraftPlus – WP’s #1 backup/restore plugin, with more than two million active installs.
Are you completely new to TFA? Then read our FAQ.
Features (see also the “Screenshots” for more information):
- Supports the standard TOTP + HOTP protocols (and therefore supports Google Authenticator, Authy, and many others).
- Displays graphical QR codes for easy scanning into apps on your phone/tablet
- TFA can be made available per role (for example, available to administrators but not to subscribers)
- TFA can be turned on and off by each user
- TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (Premium version), including forcing them to immediately set up (by redirecting them to the page to do so)
- Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don’t need access to the WP dashboard). (The Premium version allows custom designing of any layout you wish).
- Site owners can allow “trusted devices” on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (Premium version)
- Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database and your files in order to break TFA codes (as well as breaking a user’s password in order to use them)
- Works with “Theme My Login” (the forms and the widgets)
- Support for WooCommerce and Affiliates-WP login forms
- Includes support for Ultimate Membership Pro
- Includes support for CozmosLabs Profile Builder
- Includes support for Ultimate Member login forms (Premium version)
- Supports Elementor Pro login forms (Premium version)
- Supports bbPress login forms (Premium version)
- Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)
- Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password
- Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)
- WP Multisite compatible (plugin should be network activated)
- Simplified user interface and code base for ease of use and performance
- Added a number of extra security checks to the original forked code
- Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.
- Emergency codes for when you lose your phone/tablet (Premium version)
- When using the front-end shortcode (Premium version), the user must enter the current TFA code correctly in order to activate TFA
- Works with “WP Members” (shortcode form)
- Administrators can access other users’ codes, and turn them on/off when needed (Premium version)
Why use TFA / 2FA?
Read this! https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
How does TFA / 2FA work?
This plugin uses the industry standard TFA / 2FA algorithm TOTP or HOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.
A TOTP code is valid for a certain time. Whatever program you use (e.g. Google Authenticator) will show a different code every so often.
Plugin notes
This plugin began life in early 2015 as a friendly fork and enhancement of Oscar Hane’s “two factor auth” plugin.