內容簡介
什麼是雙重認證?
認證 - 驗證您的身份的過程 - 歸納為三個簡單的元素之一:
用户知道的事情(PIN,密码)
用户擁有的東西(手機,設備)
用户的身份(生物特徵,視網膜,指紋)
雙重認證(2FA)是這些唯一識別符中任意兩個的結合。
我們的 2FA 外掛程式是如何運作的?
使用Fortytwo的2FA WordPress插件,用戶只需要用戶名和密碼即可登錄到他們的網站(與任何標準登錄順序一樣),以及使用手機通過 SMS 接收一次性認證碼。
我們的插件是完全可定制的,可以根據您的具體需求進行調整,例如,您可以根據用戶在WordPress中的特定管理角色分配2FA,當用戶在特定時間內使用已知或“可信”設備時,可以禁用用戶的2FA。Fortytwo的WordPress 2FA插件提供了一種高度可定制的用戶驗證過程,並在需要時提供了額外的安全級別。
它包括哪些功能?
Fortytwo的WordPress插件帶有眾多功能,包括以下選項:
激活或禁用註冊和/或登錄的2FA,允許用戶使用用戶名,密碼和2FA登錄或僅使用用戶名和密碼登錄
根據用戶在WordPress中的角色啟用用於登錄的2FA,例如,您可以禁用某些用戶(如訂閱者)的2FA,同時保留對具有關鍵角色的用戶的2FA
將2FA分配為用戶的可選或強制選項,因此您可以讓用戶選擇啟用2FA或默認強制該選項。
將“可信”設備分配給特定用戶,讓用戶在完成初始的2FA登錄後,可以將其設備標記為“可信”一段指定的時間,在設置中由他們進行分配。此選項可以確保用戶在初始2FA登錄後不需要使用分配的受信任設備重複輸入驗證碼。
在註冊后重新發送驗證碼,如果未收到短信 - 這使用戶可以在60秒后請求驗證碼,並更改其電話號碼,以防提交不正確的電話號碼
在登錄后重新發送驗證碼,如果未收到短信 - 這使用戶可以在60秒后再次請求驗證碼 - 這個重發選項也可以在設置中禁用
自定義2FA的行為,如API中所述,包括更改驗證碼長度和類型(數字,字母或字母數字),區分大小寫驗證,通過回調URL記錄響應的選項以及自定義對用戶可見的發件人ID
Fortytwo的2FA WordPress插件支持所有智能手機(iPhone,Android,BlackBerry)以及基本手機的2FA。
為什麼要使用Fortytwo的WordPress插件?
安全將2FA納入用戶登錄過程中,為WordPress站點創建了一個複雜密碼無法保證的保護和安全級別
可定製的功能這是我們的插件的第一個版本,我們非常有興趣聽取您的反饋。
如果您希望看到其他功能,請告訴我們!
外掛標籤
開發者團隊
② 後台搜尋「Fortytwo – Two-Factor Authentication」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
What is Two-factor Authentication?
Authentication – the process of verifying your identity – boils down to one of three simple elements:
Something the user knows (PIN, password)
Something the user owns (mobile phone, device)
Something the user is (biometric, retina, fingerprint)
Two-factor Authentication (2FA) is a combination of any two of these unique identifiers.
How does our 2FA plugin work?
With Fortytwo’s 2FA WordPress plugin, the user only requires the username and password to login to their site (as per any standard login sequence) and a mobile phone to receive the one-time authentication code via SMS.
Our plugin is fully customisable and can be adapted to meet your specific needs, for example, you can assign 2FA to certain users depending on their specific administrative roles in WordPress and disable 2FA for users when they are using a known or ‘trusted’ device for a specific period of time. Fortytwo’s WordPress 2FA plugin offers the unique advantage of providing a highly customisable authentication process for users and provides an additional level of security when and as required.
What features does it include?
Fortytwo’s WordPress plugin comes with a myriad of features including the option to:
activate or disable 2FA for registration and/or login allowing the user to login using a username, password and 2FA or just a username and password
activate 2FA for login according to the user’s role in WordPress, for example, you can disable 2FA for certain users such as subscribers while maintaining 2FA for users with critical roles
Activate 2FA as optional or mandatory option for users, so you can give to your user the option to activate 2FA or force the option by default.
assign ‘trusted’ devices to specific users allowing the user – after their initial 2FA login – to validate their devices as ‘trusted’ for a specific time period, assigned by them in the settings. This option ensures that users aren’t required to enter an authentication code repeatedly with an assigned trusted device, after the initial 2FA login
resend the authentication code after registration if the SMS was not received – this allows the user to request the authentication code after 60 seconds and/or change his phone number in the event that an incorrect phone number was submitted
resend the authentication code after login if the SMS was not received – this allows the user to request the authentication code again after 60 seconds – this re-send option can also be disabled in the settings
to customize the behavior of the 2FA as documented on the API including changes to the authentication code length and type (numeric, alpha or alphanumeric), case sensitive validation, options to log a response via a callback URL and customise sender ID ‘s visible to the users
Fortytwo’s 2FA WordPress plugin supports 2FA for all Smart phones (iPhone, Android, BlackBerry), as well as basic phones.
Why use Fortytwo’s WordPress plugin?
Security Incorporating 2FA in to the user login process, creates a level of protection and security for your WordPress site that complex passwords can no longer guarantee
Customised functionality This is our first version of the plugin and we’re keenly interested in your feedback.
If there is additional functionality that you would you like to see, please let us know – we are happy to work on developing features to meet your specific requirements and endeavor to implement this in as short a time-frame as possible.
Configuration
Once the plugin is activated you have to configure the plugin before use:
In the admin panel go to Settings > Two Factor Authentication
Enter the token you have from the fortytwo control panel
Configure the other options accordingly to your needs
push the save button
Note: The Two factor authentication works only for the users who have the 2FA phone number on their profile.
Version 1.1.1
2016-12-22
* [IMPROVEMENT] Support for WordPress 4.6.X.
* [IMPROVEMENT] Don’t call login_header if the function was disabled.
Version 1.1.0
2016-10-04
* [IMPROVEMENT] Support for WordPress 4.6.X.
* [IMPROVEMENT] Update SDK dependencies.
* [IMPROVEMENT] Phone field rendering updated.
* [IMPROVEMENT] New API Paremeter : Message template to personalize the message sent with the 2FA Code.
* [IMPROVEMENT] New Mandatory option allowing to have 2FA option as optional or mandatory on login and/or on register.
Version 1.0.8
2016-05-02
* [DOCUMENTATION] Fix typo in the readme file.
[DOCUMENTATION] Fix typo in the readme file.
Version 1.0.7
2016-05-02
* [BUG] Update publish script to properly track/add new files and directory and untrack/delete deleted files.
* [BUG] Clean the SVN tree.
[BUG] Update publish script to properly track/add new files and directory and untrack/delete deleted files.
[BUG] Clean the SVN tree.
Version 1.0.6
2016-04-28
* [BUG] Settings – Update “API Sensitive case” field ID.
* [DOCUMENTATION] Change “why” items to list.
[BUG] Settings – Update “API Sensitive case” field ID.
[DOCUMENTATION] Change “why” items to list.
Version 1.0.5
2016-04-26
* [IMPROVEMENT] Update contributor id
[IMPROVEMENT] Update contributor id
Version 1.0.4
2016-04-25
* [IMPROVEMENT] Support for WordPress 4.5
[IMPROVEMENT] Support for WordPress 4.5
Version 1.0.3
2016-04-25
* [DOCUMENTATION] Add some tags on the presentation of the plugin.
* [DOCUMENTATION] Update the screenshots.
* [DOCUMENTATION] Update readme.txt description.
[DOCUMENTATION] Add some tags on the presentation of the plugin.
[DOCUMENTATION] Update the screenshots.
[DOCUMENTATION] Update readme.txt description.
Version 1.0.2
2016-04-20
* [DOCUMENTATION] Fix header description to feet in 150 characters
[DOCUMENTATION] Fix header description to feet in 150 characters
Version 1.0.1
2016-04-20
* [DOCUMENTATION] Update the readme.txt
[DOCUMENTATION] Update the readme.txt
Version 1.0.0
2016-04-19
* First stable version.
First stable version.
Version 1.0.0-RC11
2016-04-19
* [BUG] Fix error message when invalid token used.
* [BUG] Fix a typo.
* [IMPROVEMENT] Update readme.txt
[BUG] Fix error message when invalid token used.
[BUG] Fix a typo.
[IMPROVEMENT] Update readme.txt
Version 1.0.0-RC10
2016-04-18
* [BUG] Fix phone number validation on register.
* [BUG] Fix various typos.
* [BUG] Fix code validation on register/login
* [BUG] Fix bug when we validate code after a fail on register.
* [BUG] Fix inconsistency on naming of authentication code.
[BUG] Fix phone number validation on register.
[BUG] Fix various typos.
[BUG] Fix code validation on register/login
[BUG] Fix bug when we validate code after a fail on register.
[BUG] Fix inconsistency on naming of authentication code.
Version 1.0.0-RC9
2016-04-14
* [BUG] Device was always setup as trusted.
* [BUG] Fix missing phone helper on edit user.
* [BUG] Fix nullable callbackurl.
* [BUG] Fix validation code after one fail.
* [BUG] Fix resend option on login.
[BUG] Device was always setup as trusted.
[BUG] Fix missing phone helper on edit user.
[BUG] Fix nullable callbackurl.
[BUG] Fix validation code after one fail.
[BUG] Fix resend option on login.
Version 1.0.0-RC8
2016-04-12
* [BUG] Add missing jquery dependency on login
* [BUG] Fix Trusted device Activate/Disabled option
* [BUG] Fix naming convention for Authentication code
* [IMPROVEMENT] Update in code documentation
* [IMPROVEMENT] Adding field validation in the settings
* [BUG] Fix missing dependency * Jquery
* [BUG] Fix a typo on setting panel.
* [BUG] Fix a bug with the cookie path.
[BUG] Add missing jquery dependency on login
[BUG] Fix Trusted device Activate/Disabled option
[BUG] Fix naming convention for Authentication code
[IMPROVEMENT] Update in code documentation
[IMPROVEMENT] Adding field validation in the settings
[BUG] Fix missing dependency – Jquery
[BUG] Fix a typo on setting panel.
[BUG] Fix a bug with the cookie path.
Version 1.0.0-RC7
2016-04-06
* [BUG] Resend SMS no showing on login.
* [BUG] Disable 2FA on register not working properly.
[BUG] Resend SMS no showing on login.
[BUG] Disable 2FA on register not working properly.
Version 1.0.0-RC6
2016-04-06
* [IMPROVEMENTS] Updating versions numbers
[IMPROVEMENTS] Updating versions numbers
Version 1.0.0-RC5
2016-04-04
* [IMPROVEMENTS] Small fixes
[IMPROVEMENTS] Small fixes
Version 1.0.0-RC4
2016-04-04
* [IMPROVEMENTS] Fixing various bugs
* [IMPROVEMENTS] Adding screenshots for the wordpress plugin website
[IMPROVEMENTS] Fixing various bugs
[IMPROVEMENTS] Adding screenshots for the wordpress plugin website
Version 1.0.0-RC3
2016-04-01
* [IMPROVEMENTS] Adding assets : banner and icons.
[IMPROVEMENTS] Adding assets : banner and icons.
Version 1.0.0-RC2
2016-03-30
* [IMPROVEMENTS] Update assets for WordPress publication
* [IMPROVEMENTS] Add publish.sh file for publishing version on the SVN repo.
[IMPROVEMENTS] Update assets for WordPress publication
[IMPROVEMENTS] Add publish.sh file for publishing version on the SVN repo.
Version 1.0.0-RC1
2016-03-24
* [IMPROVEMENTS] : Add Readme.txt for wordpress repo and the icon image.
* [IMPROVEMENTS] : Updating documentation.
* [FEATURES] : Initial features.
[IMPROVEMENTS] : Add Readme.txt for wordpress repo and the icon image.
[IMPROVEMENTS] : Updating documentation.
[FEATURES] : Initial features.
