WordPress

WordPress.org Expands Two-Factor Authentication Interface to Include Security Keys – WP Tavern

WordPress.org started testing two-factor authentication (2FA) as an opt-in function in Could 2023. The interface and performance are nonetheless in beta however it’s operational. This week contributors have expanded support for 2FA with a brand new interface for including safety keys, that are safer than the one-time passwords.

A logged in person can arrange the keys by visiting their WordPress.org profile, scrolling all the way down to the “Safety” part, and clicking on the help discussion board profile hyperlink.

Customers who’ve two-factor authentication arrange can click on on “Two-Issue Safety Key” and observe the directions to set them up.

This replace to the interface additionally provides Time-Based mostly One-Time Passwords (TOTP), that are generated from the person’s chosen authentication app on their machine and adjusted each 30 seconds. WordPress.org presently defaults to utilizing safety keys over the time-based on-time passwords, however contributors are working on making that configurable sooner or later.

Additions to the interface additionally embrace the flexibility to generate backup codes, which allow entry when customers don’t have their 2FA safety key or app configured. The backup codes include a word of warning from Automattic- sponsored Meta contributor Steve Dufresne, who has been engaged on the 2FA challenge:

No matter whether or not you’re utilizing safety keys or a Time-Based mostly One-Time password, ensure you generate and print backup codes. If you happen to lose your major key/machine and don’t have a backup code, you’ll lose entry to your account perpetually.

Dufresne inspired WordPress.org customers who haven’t arrange 2FA to go forward and accomplish that. Any bugs may be reported to the challenge’s GitHub repository.

Leave a Reply

Your email address will not be published. Required fields are marked *