Twee-Factor Authenticatie

Beveilig WordPress login met deze twee-factor authenticatie (TFA / 2FA) plugin. Gebruikers voor wie het is aangezet hebben een eenmalige code nodig om in te kunnen loggen. Van de makers van UpdraftPlus – WP’s #1 backup/restore plugin, met meer dan twee miljoen actieve installs.

Ben je helemaal onbekend met TFA? Lees dan onze FAQ.

Functionaliteit (zie ook de “Screenshots” voor meer informatie):

• Ondersteunt standaard TOTP + HOTP-protocollen (en ondersteunt dus Google Authenticator, Authy, en vele anderen).
• Toont grafische QR-codes voor eenvoudig scannen naar apps op je telefoon/tablet
• TFA kan per rol beschikbaar worden gesteld (bijvoorbeeld beschikbaar voor beheerders, maar niet voor abonnees)
• TFA kan aan en uit worden gezet door iedere gebruiker
• TFA can be required for specified user levels, after a defined time period (e.g. require all admins to have TFA, once their accounts are a week old) (Premium version), including forcing them to immediately set up (by redirecting them to the page to do so)
• Supports front-end editing of settings, via [twofactor_user_settings] shortcode (i.e. users don’t need access to the WP dashboard). (The Premium version allows custom designing of any layout you wish).
• Site owners can allow “trusted devices” on which TFA codes are only asked for a chosen number of days (instead of every login); e.g. 30 days (Premium version)
• Encrypt the TFA-generating secret keys using an on-disk encryption key, so that an attacker would need to break into both your WordPress database and your files in order to break TFA codes (as well as breaking a user’s password in order to use them)
• Werkt met “Theme My Login” (de formulieren en de widgets)
• Ondersteuning voor WooCommerce en Affiliates-WP login formulieren
• Includes support for Ultimate Membership Pro
• Includes support for CozmosLabs Profile Builder
• Includes support for Ultimate Member login forms (Premium version)
• Ondersteunt Elementor Pro inlogformulieren (Premium versie)
• Ondersteunt bbPress inlogformulieren (Premium versie)
• Includes support for login forms from the Gravity Forms User Registration add-on (Premium version)
• Includes support for any and every third-party login form (Premium version) without any further coding needed via appending your TFA code to the end of your password
• Does not mention or request second factor until the user has been identified as one with TFA enabled (i.e. nothing is shown to users who do not have it enabled)
• WP Multisite compatible (plugin should be network activated)
• Simplified user interface and code base for ease of use and performance
• Added a number of extra security checks to the original forked code
• Alert users if someone appears to have found out their password, as indicated by successfully entering a password but repeatedly entering an incorrect TFA code.
• Emergency codes for when you lose your phone/tablet (Premium version)
• Wanneer je de front-end shortcode (Premium version) gebruikt, dan moet de gebruiker de huidige TFA code correct invoeren om TFA te activeren
• Werkt met “WP Members” (shortcode formulier)
• Administrators can access other users’ codes, and turn them on/off when needed (Premium version)

Waarom TFA / 2FA gebruiken?

Lees dit! https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

Hoe werkt TFA / 2FA?

This plugin uses the industry standard TFA / 2FA algorithm TOTP or HOTP for creating One Time Passwords. These are used by Google Authenticator, Authy, and many other OTP applications that you can deploy on your phone etc.

A TOTP code is valid for a certain time. Whatever program you use (i.e. Google Authenticator, etc.) will show a different code every so often.

Plugin notities

This plugin began life in early 2015 as a friendly fork and enhancement of Oscar Hane’s “two factor auth” plugin.