Could you add the fido u2f plug-in?

  • Author
    Posts
  • #2158279

    tomeurp
    Member

    Could you please add fido u2f plug-in?

    I think it’s a great idea to have this plug-in for anyone concerned about security in order to prevent phishin attacks. It is much more secure than time based one time passcodes.

    Plug-in is available at https://github.com/shield-9/u2f-login

    Thanks

    The blog I need help with is farmaciadoctorferran.wordpress.com.

    #2158558

    yes this would be very very useful! :)

    #2158597

    Yubico CEO blogged about the FIDO U2F plug-in for wordpress:
    <a href=”https://www.yubico.com/2015/01/u2f-wordpress-security-people/
    “>https://www.yubico.com/2015/01/u2f-wordpress-security-people/

    #2158598

    auxclass
    Member

    you are aware that you can use https for your login link and two factor log-in has been an option for well over a year where you are required to have your cell phone in your possession and enter in a code sent to it?

    #2158599

    @auxclass,

    SMS for 2nd Factor authentication works, but it is problematic when one is travelling and using a local SIM. Then they are not able to get the Codes. That has happened to me. Or the phone is not charged / working.

    FIDO U2F on the hand doesn’t require cellular connectivity or a device that needs charging.

    Saqib

    #2158600

    kevwe09
    Member
    #2158601

    raincoaster
    Member

    If they put it in, all WP.com blogs would have to use it and not all of us want it. I lose phones a lot more frequently than I lose passwords.

    #2158602

    @raincoaster, not really. It is opt-in. If you want strong auth you can enable on your account. If not, static password will be default.

    #2158603

    @auxclass,

    One more thing I like about FIDO U2F / FIDO UAF is that it also protects against phishing using public key cryptography. The FIDO U2F / FIDO UAF devices actually mint certificates.

    Using SMS for second factor doesn’t prevent against phishing attempts.

    Saqib

    #2158604

    darconeous
    Member

    The linked U2F implementation is AGPLv3, which wordpress.com will probably never use.

    However, this implementation is GPLv2: https://github.com/Yubico/wordpress-u2f

    Please add this capability to wordpress.com!

The topic ‘Could you add the fido u2f plug-in?’ is closed to new replies.