New member here. Just a thought.

I was looking through all the great plugins and noticed 'Signup Code'. Wouldn't this be great as a 2 step authentication option if it could send a random code to a users smartphone? It could send a text or be used with an app. Thoughts?

  • Gabe
    • The Bug Hunter

    Hi Ronald. Are you talking about using it to prevent unauthorized signups as well as doubling as 2-step authentication for users who already have accounts?

    In terms of apps for 2-step authentication, I believe Google has an API that allows other apps to use their Authenticator app (i.e. Stripe uses it).

  • Ronald
    • New Recruit

    Exactly. But you're right. I did some poking around at Wordpress and it seems there are a few that already serve this purpose. Some are paid but the Google Authenticate plugin is free and allows it to be activated by the individual user. One plugin to do it all would be nice but I suppose there are many alternatives for preventing unauthorized signups as well.

  • PC
    • WPMU DEV Initiate

    Hello Everyone,

    2 Step authentication is a good feature however currently there are no plans to integrate that with the plugins at the moment.

    I have however found a good post here : https://premium.wpmudev.org/blog/wordpress-2-step-verification-plugin/ which will provide you more information on the same.

    Here is a good plugin too : http://wordpress.org/plugins/duo-wordpress/

    I hope that helps. Please feel free to ask if you have more questions on the same.

    Cheers
    PC
    Sales &Support

  • Ronald
    • New Recruit

    I did also check out the one by Duo. Seems very good. Though the app is free, you need to have an account with them and the free account only supports up to 10 users.

    Just checked WordPress 2-step verification plugin (Thanks for that one, Ian.). This one seems to be for sign-up. It also uses the Google Authenticator app The email option is nice here.

    The other 2-step plugin allows it to be chosen by the user but does not offer an email option. Note that the Google Authenticator app can be set up to send the code as an SMS text or even a phone call and it can receive codes even if you don’t have an Internet connection or mobile service.

    Now from a user standpoint, would I feel more secure if 2-step were forced or would I like to be able to control my own security?

  • PC
    • WPMU DEV Initiate

    Now from a user standpoint, would I feel more secure if 2-step were forced or would I like to be able to control my own security?

    Personally I would feel more secure if I am asked a security question, or a captcha is there on the login page.

    I personally as a user did not like 2 step authentication :disappointed:

    But its a bookish topic. If you have a user email list, you can have a survey and ask for their thoughts.

    Cheers
    PC
    Sales &Support

  • Ronald
    • New Recruit

    I don't mind 2-step if I'm able to make that choice myself. As for captcha, that can sometimes be annoying too especially with some that are as difficult to read for humans. Personally, I don't care for too much security. I feel my password should be enough. If, by chance, my account is compromised, then inform me but let me make the choice as to what kind of extra security to add to my account beyond changing my password.

    I suppose it all really depends on what it is you are trying to protect.

  • PC
    • WPMU DEV Initiate

    As for captcha, that can sometimes be annoying too especially with some that are as difficult to read for humans. Personally, I don't care for too much security. I feel my password should be enough.

    You are right that it depends on the content you are trying to protect.

    I have always loved captcha protection but sometimes it can be confusing, but in that case the user can simply refresh the image, can't they ?

    Cheers
    PC
    Sales &Support

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.