summary – yes, do OTPs!
Let me be straight – this is a self-review. The reason – to give you some confidence.
And to get you thinking why not to use this plugin and 2 factor authentication.
- We made the plugin so that it does not make it any harder for users of your blog that want to use their passwords.
- The login page is the same and you can decide whether you want to use a password or an OTP.
- You can still use your password in our office / home and OTP when you are in town or at the airport or …
- Anyone can scan a QR code to Google Authenticator, or type their own new secret (aka seed) when they want – in their Profile (top right corner with your name)
- Security Part A – Absolute Strength
- The average static password has the strength of a 3.2 characters’ long random string.
- A 6 digit OTP is like a 3.2 characters’ long random string (for 8 digits it is 4.4 characters), when you add a PIN (4 digits), you get 5.3 characters.
- Actually, 5.3 random characters translates to billions of guesses to find the right one.
- Security Part B – Why Is 6 Digit OTP Better Than Average Password.
- The chance someone guesses it is the same.
- Hackers usually use robots to find passwords – store them in a file to use later. Guess what, stored OTP will not work as it can be used only once.
- Hackers are clever and once they find a password/OTP they will use it. Well, they can post some spam but it is their one-off. They will not be able to do it again.
- Security Part C – Insecure Networks.
- Do you sometimes want to log in to your blog via a random WiFi? OTPs are much better than passwords. Even when eavesdropped, they will not work the next time.
- It is much safer to use OTPs when you use someone else’s endpoint network.
- No security is perfect and even OTPs can be bypassed but it is definitely a step in the right direction!
Just give it a shot, do the two clicks to install and activate. Install Google Authenticator and scan the QR or buy one of our dongles – to get your digital key that you can use for strong static passwords as well.