內容簡介
這個外掛避免已登入的使用者在驗證其第二階段驗證之前對你的 wordpress.org 網誌做任何事情。整個流程是這樣的:
使用者登入你的網誌。
在幕後,一堆加密的事情會發生,產生並附帶一個金鑰到使用者帳號上。每當他們登入時,這個金鑰就會被覆寫為新的。這個金鑰會透過使用者註冊時使用的電子郵件地址寄給使用者。
使用者收到含有驗證碼的電子郵件。
當使用者試圖存取你的網誌時,系統會要求他們輸入驗證碼。
在幕後,驗證碼會被檢查其有效性,並加入一個 cookie 到使用者會話中。現在他們可以進入你的網誌了。如果金鑰變更了(使用者登出或需要重新登入),他們原本使用的 cookie 將不再有效,必須輸入新的驗證碼。
外掛標籤
開發者團隊
原文外掛簡介
This plugin prevents logged in users from doing anything on your wordpress.org blog until they have verified their second factor of authentication. The process goes like this:
A user logs into your blog.
Behind the scenes a bunch of cryptographic stuff happens and a key is generated and attached to that user. The key is overwritten with a new one every single time they log in. This key is emailed to that user (via the email address the user is registered under.)
The user gets the email with the code.
The user then enters the code at the page which is now presented to them when they are trying to access your blog
Behind the scenes the token is checked for validity, and a cookie is added to the users session. They are now allowed access to your blog. If the key changes (the user logs out, or is required to log in again) the cookie that they may have been using will no longer be valid and they will be asked to enter the new one that they get via email.