josevirtual's Replies

Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

Forum: Plugins
In reply to: [Cookiebot by Usercentrics - Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode] An Active PHP session was detected

josevirtual
(@josevirtual)

3 years, 3 months ago

Worked for me too

Forum: Plugins
In reply to: [Cookiebot by Usercentrics - Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode] An Active PHP session was detected

josevirtual
(@josevirtual)

3 years, 3 months ago

The same is happening to me

Forum: Reviews
In reply to: [WP-WebAuthn] Works fine, except for one thing

Thread Starter josevirtual
(@josevirtual)

4 years, 5 months ago

Thanks for your answer. I think that the warning is a good idea.

Android users should use their password, U2F never should be the only security factor. The username is not a secure factor at all, in many WordPress websites it is very easy to find it, and people reuse usernames, hackers may easily guess them. You probably should allow password access for every user that does not use FIDO2.

Summarizing, the FIDO standards are designed to be used in this way:

Username + Password + FIDO U2F
Only FIDO2, o just with the username

Many companies even ask for password + FIDO2

I hope this helps

Forum: Reviews
In reply to: [WP-WebAuthn] Works fine, except for one thing

Thread Starter josevirtual
(@josevirtual)

4 years, 5 months ago

That’s right. However, as I have mentioned in my edited review, FIDO U2F should never allow to access without password. Only WebAuthn (FIDO2) is secure enough to allow Passwordless Authentication. It is a basic rule regarding secure authentication.

Everything else looks fine for me in the plugin.

Viewing 4 replies - 1 through 4 (of 4 total)