northps.com
NorthPoint DIGITAL
WordPress Two-Factor Authentication
Hi, I'm Arwin.
This is me before two-factor authentication.
Hi, I'm Andy.
This is my daughter before two-factor authentication.
we're talking about security
While there are many aspects to site security, we're going to focus on ONE. Your front door.
Password Security
Password Security is a Personal Choice.
It is our own individual responsibility to choose a unique, complex password.
Requirements and "strength meters" can't make your password secure.
TIP: Don't advertise your password requirements.
TIP: Don't forget to manage your users and roles.
most passwords are insecure
- Adding a 9th character to the 8-character password r$iOkmB_ could increase theoretical cracking time from 4 years to "centuries"
- A long 22-character sentence (such as "there'snoplacelikehome") theoretically takes only 4 days to crack
How can I protect myself?
1. Use strong passwords
- No dictionary words, years, names.
- WP 3.7's new strength meter helps!
- Dropbox zxcvbn (DEMO ALERT)
- Try it. See crack time in real-time.
2. ADD ANOTHER FACTOR
ADDING ANOTHER FACTOR
The best authentication would be three factors:
- Something you know (password)
- Something you have (key)
- Something you are (thumbprint)
TWO-FACTOR EXAMPLES
At the ATM, you have:
At the grocery store, you have:
- your checkbook
- your photo ID
USING YOUR PHONE
- In addition to knowing your password, you can use your mobile phone as a cryptographically secure access token.
- Each new device you sign in with requires you to enter the code that is currently shown on your mobile phone.
- The code that your phone shows will change every 30 seconds, and the server is sync'd to use the same mathematical formula.
- If you lose your phone, it's like losing a key. You had better have a backup. You can have backup one-use scratch codes that you keep in a safe place.
ADDING TWO-FACTOR TO WORDPRESS
(self-hosted)
YOU HAVE PLUGIN OPTIONS
(here are just two)
MA.TT said this months ago
- Don't use "admin" as your username
- Change your passwords often
- Select strong passwords
- Enable two-factor authentication
what does security mean to you?
This is me after two-factor authentication.
Yes, now I'm feeling secure.
THANK YOU
Arwin Holmes
@arwinholmes
Andy Magoon
@magoon
WE ARE WORDPRESS FANATICS
AND WE'RE HIRING
NorthPoint Digital
WE LEAD WITH EXPERIENCE