內容簡介
Identityplus 是一個基於 PKI (公開金鑰基礎架構) 的全新安全解決方案,稱之為信任網路。它提供一體化的二(偶爾三)因素身份驗證和 TLS 級別身份認證,讓您的網站比以往更加安全。此外,它還讓網站所有者通過允許他們對證書和所有者進行反饋,共同捍衛犯罪行為。使用 Identityplus,當一個垃圾郵件被舉報時,我們不僅可以防止同樣垃圾郵件在其他地方發布,還可以有效地防止垃圾郵件發送者在任何其他地方派送任何其他種類的垃圾郵件。繼續閱讀以瞭解這種強大技術的簡要介紹。
登錄前的登錄
為什麼 Identityplus 比任何二因素身份驗證都要好……
當您處理應用程式級登錄時,無論是一個因素、兩個因素還是任何因素,您都需要一個登錄頁面。由於這個頁面必須在看到訪問者之前加載,因此 WordPress 對重複登錄嘗試提供保護。這可以在一定程度上阻止機器人,但如果您有應用程式漏洞,黑客可以用它來繞過登錄,無論您是否忘記更新 WordPress 或出現 PHP 的零日漏洞等完全無法控制的情況,您的博客都難以倖免。Identityplus 使用 TLS 級別身份認證,這意味著當訪問設備未提供正確的 PKI 憑證時,登錄頁面將永遠不會加載。訪問者只需被引導離開敏感頁面,因此無法進行任何攻擊,無論是暴力破解、憑證盜取或零日攻擊等。沒有登錄頁面,沒有問題…
VPN 進入您的管理面板
僅從您的計算機訪問管理面板...
在瀏覽器中擁有 PKI 身份識別是一件強大的事情。由於服務器期望該身份存在,因此它不僅基於用戶限制訪問,也基於計算機限制訪問。因此,您的管理面板實際上無法從世界上任何其他計算機訪問。要訪問您的管理面板,黑客必須窃取您的計算機並從中訪問。
從未有過的 SSO
更簡單、更快、更安全。無需任何操作即可進行登錄……
一旦您開始使用 Identityplus,您會發現幾乎不需要執行任何操作,您只會注意到您已經登錄。不要害怕,您已經登錄是因為您的計算機已被認證,並在您能夠執行任何操作之前進行識別。但是由於您還使用密碼或指紋登錄了所使用的設備 (筆記本電腦/手機),因此您實際上正在執行二因素身份驗證,而且甚至不會注意到它。但是,當您的證書閒置時,偶爾會注意到需要輸入您的 Identityplus PIN。這實際上是三因素身份驗證,一體化解決方案。
信任網路
獎勵好行為和封鎖垃圾郵件,而不僅僅是一個垃圾郵件...
當設備擁有無法造假的身份時,令人驚奇的事情發生了:如果您將訪問評論區的訪問限制為僅允許擁有 Identityplus 證書的設備,那麼每當您批准一個評論時,您都會發送信任令牌給該證書所有者,告訴 Identityplus 您信任所有者。現在其他博客也可以信任他,他正在穩步建立一個與任何惡意機器人不同的個人檔案。相反,當您將評論標記為垃圾郵件時,您告訴 Identityplus 這是一個惡意實體,我們封鎖該證書,確保該設備無法再用於發布垃圾郵件。現在,我們不再只是阻止垃圾郵件本身,而是封鎖發送垃圾郵件的實體。
外掛標籤
開發者團隊
原文外掛簡介
Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally 3) factor authentication and TLS level authentication making your site more secure than ever. Additionally it enables site owners to collaborate in defending against criminality by allowing them to send feedback on certificates and their oweners. With Identityplus, when a spam is reported, we are not only preventing the same spam being posted anywhere else, we are effectively preventing the spammer sending any other kind of spam, anywhere else. Keep on reading for a brief intro into this powerful technology.
Log In, Before A Login Page
Why Identityplus Is Better Than Any 2 Factor Authentication …
Whenever you deal with application level login, whether it’s one factor, two factor or any factor for that matter, you need a login page. This page must load before it gets the chance to see who is visiting, which is why Worpress has a protection against repeated login attempts. This can stop bots, to a certain degree, but if you happen to have an application vulnerability that can be used by a hacker to bypass login, whether you forgot to updated your WordPress or something totally out of your control like zero day vulnerability in PHP, your blog is toast, regardless of how many factors of authentications you have.
Identityplus uses TLS level authentication, which means the visiting device is authenticated before the login page loads. If the proper PKI credentials are not presented by the device, the page will never, ever load. The visitor is simply directed away from the sensitive page and hence is unable to perform any kind of attack, be that brute force, credential theft or zero day for that matter. No login page, no problem …
A VPN Into Your Admin Panel
Make Your Admin Panel Accessible Only From Your Computers …
Having a PKI indenity in your browser is a powreful thing. Because the server expects that identity to be there, it does not only limit access by the user, it also limits access based on computer. As such, your admin panel becomes literally inaccessible from any other computer in the world. To access your admin panel, a hacker must steal your computer and access it from there.
SSO Like Never Before
Simpler, Faster, More Secure. Sign In Without Having To Do Anyting …
Once you start using Identityplus, you will see you are hardly asked to do anything, you’ll just notice you are logged in. Don’t get scared, you are logged in because your computer is certified and it’s being identified before you would have the chance to do anything. But since you also logged in with your password or your fingerprint into the device you are using (laptop / mobile phone), you are actually performing 2 factor authentication without even noticing it. You will occasionally notice however, as your certificate becomes idle, that you are being asked for your Identityplus PIN. That’s actually the third factor authentication, all in one solution
A Network Of Trust
Reward Good Deeds And Block The Spammer, Not The Only Spam …
When devices wear an impossible to forge identity, something amazing happens: if you restrict access to your comment section to devices with Identityplus certificates, whever you approve a comment, you are sending tokens of trust to the owner of that certificate telling Identityplus that you trust the owner. Now other blogs can trust him too, and he is steadily building a profile that defferentiates him from any malicius bot. Conversely, when you mark a comment as spam, you’ll be telling Identityplus that this is a malicious entity, and we block the certificate making sure the device can’t be used to post spam again. Now we are no longer only stopping spam, we are collectively working on stopping the spammer.
Enjoy 10 Connected Users For Free
Free Certificates, Free API Up To 10 Connected Users, Unlimited Validations For Free …
A connected user is a user that can be signed in automatically via Identityplus into a service using Identityplus. If that service is your personal blog, you probably don’t have more than 10 users who regularly sign into the administrative section of your WordPress installation. If that’s the case, you will never have to pay for Identityplus. Visitors that comment with Identityplus accounts that are not connected to local accounts do not count. For this reason the plugin will only connect administrator accouns by default. If you need log more than 10 users into your back-end, you’ll need a business account, the cost of which scales with the number of your active users. Check our the pricing section for details.
2.4.3
Tested with WordPress 6.1.1
2.4.2
Minor bug fixes and tested with WordPress 6.0
2.4.1
Minor bug fixes
2.4
Tested with WordPress 5.7
2.3
Minor update and tested with WordPress 5.5
2.2
Tested with WordPress 5.3.2
2.1
We’ve replaced the necessity to validate the domain with an uploaded file with an automatic callback to achieve even less friction when you install the plug in.
2.0
This is a major update. We recommend deactivating the “Enforce Identity + Device Certificate” flag for safety during certificate update.
Added automatic & one click API certificate renewal. This grately improves user experience for maitaining the Identity Plus plugin and prevents accidental certificate expiration, which may cause service outage.
Integrated the new service installation proces via automated wizard. It is no longer needed for the user to log into identity plus account and issue certificate before installation. Using the mobile application, or registered device, you can now onboard the service, issue the certificate and activate identity plus in one short flow.
We’ve also moved the certificate storage from file to the database for enhanced security.
1.6.4
Minor bug fix
1.6.3
Moved the legacy certificate validation endpoint from https://get.identity.plus to https://signon.identity.plus. The get endpoint will now exclussively handle the certificate issuing and installation process.
If you encounter problems while using legacy redirect and you land on get. subdomain, simply click the “back to single sign on” link to return to original flow. Please update your plugin to avoid this behavior. Sorry for the inconvenience.
1.6.2
Minor bug fix
1.6.1
Minor bug fix
1.6
Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.
1.5
Verified compatibility with WordPress 4.9.8.
Corrected minor bugs.
1.4 beta
Verified compatibility with WordPress 4.9.1.
Corrected minor bugs.
1.2 beta
Corrected WordPress coding practice issues and fixing
1.1 beta
We’ve restricted automatic login for pages that are filtered so that bots would not be bothered by the presence of the plugin.
1.0 beta
Version 1.0 beta is the first version of the Identityplus plugin, and it contains the minimum set of functionality and configuration options. Nevertheless, it will give your site an incredible security boost and at the same time it will improve user experience. Please take a moment to familiarize yourself with the core concepts so that you can take maximum advantage of this powerful security technology.
