[wp-hackers] Limit Login Attempts

Vid Luther vid at zippykid.com
Tue Apr 16 20:56:32 UTC 2013


+1 , there's also Authy and Duo Security. WordPress.com already has google
authenticator 2 factor as an option. We're considering the same. I think
the password simplicity plus customer education is the key here.
As a community, we've done a great job of telling people about core
updates, we can do the same.

I belong to some id-theft SIGs and this is the same thing, we can't just
expect vendors to look out for us, or be responsible for us.

With my consumer hat on, I am completely ok with being responsible for my
own security.  I expect my hosting provider to provide me with the tools to
secure myself, and educate me on what is possible. If I choose to ignore
them, then that's on me.

With my business hat on, it's just nuts how simple people make their
passwords, and how complex things get when you try to do things to enhance
the customer's security. The subject of this thread is "limit login
attempts", is that really what we want?
Or do we want to limit unauthorized access?




On Tue, Apr 16, 2013 at 3:11 PM, Otto <otto at ottodestruct.com> wrote:

> On Tue, Apr 16, 2013 at 3:07 PM, Marko Heijnen <mailing at markoheijnen.nl>
> wrote:
> > I'm not sure what the code is behind 2 factor authentication but it's
> doesn't seem feasible for the regular website's but yes on the bigger sites
> it is the way to go.
>
> 2-factor auth is neat and easy and anybody can set it up using the
> Google Authenticator app on their own phone and this plugin right
> here:
>
> http://wordpress.org/extend/plugins/google-authenticator/
>
> You don't need a Google account, and the mobile app doesn't need
> network access to work.
>


More information about the wp-hackers mailing list