Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two Step WordPress Security
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Kaspars
February 22, 2016
Technology
0
81
Two Step WordPress Security
From WordCamp Norway 2016.
Kaspars
February 22, 2016
Tweet
Share
More Decks by Kaspars
See All by Kaspars
WordCamp Oslo 2018: How to Write Better Code Automatically
kasparsd
0
68
How to Write Better Code Automatically
kasparsd
0
64
My Story of Building a Commercial WordPress Plugin
kasparsd
0
89
WordPress REST API un Calypso
kasparsd
0
83
Take Control of Your Widgets
kasparsd
1
1.1k
Other Decks in Technology
See All in Technology
AI活用を"目的"にしたら、データの本質が見えてきた - Snowflake Intelligence実験記 / chasing-ai-finding-data
pei0804
0
870
2026-02-24 月末 Tech Lunch Online #10 Cloud Runのデプロイの課題から考えるアプリとインフラの境界線
masasuzu
0
110
バクラクにおける Document Understanding の挑戦:書類の「読取」から「意思決定」へ / document-understanding-in-bakuraku-2026
yuya4
0
190
Data Hubグループ 紹介資料
sansan33
PRO
0
2.8k
OCI技術資料 : 外部接続 VPN接続 詳細
ocise
1
10k
WBCの解説は生成AIにやらせよう - 生成AIで野球解説者AI Agentを実現する / Baseball Commentator AI Agent for Gemini
shinyorke
PRO
0
320
AIエンジニア Devin と歩む、自律型運用プロセスの構築
a2ito
0
560
Secure Boot 2026 - Aggiornamento dei certificati UEFI e piano di adozione in azienda
memiug
0
130
技術キャッチアップ効率化を実現する記事推薦システムの構築
yudai00
2
170
1 年間の育休から時短勤務で復帰した私が、 AI を駆使して立ち上がりを早めた話
lycorptech_jp
PRO
0
210
Bill One 開発エンジニア 紹介資料
sansan33
PRO
5
18k
AIに視覚を与えモバイルアプリケーション開発をより円滑に行う
lycorptech_jp
PRO
1
750
Featured
See All Featured
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
rkaga
60
42k
Marketing to machines
jonoalderson
1
5k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
25
1.8k
How to Ace a Technical Interview
jacobian
281
24k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
The Curious Case for Waylosing
cassininazir
0
260
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
470
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
The browser strikes back
jonoalderson
0
750
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
190
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Transcript
None
Two Step WordPress Security Kaspars Dambis WordCamp Norway /
February 20, 2016
Authentication Authorization Who are you? Authentication What can you do?
Demo: WordPress and Public Key Infrastructure
Authentication Source: http://www.andrews-sykes.com/blog/wp-content/uploads/2014/06/Reception_Metropol.jpg
Authorization Source: http://www.juliebolder.com/weeds_2010_season_6.htm
One Step Authentication
One Step Authentication
Two Step Something You Know Authentication Something You Have +
Two Step Authentication Something You Have +
Two Step Authentication + PIN
But There is a Problem
Bad User Experience
Bad User Experience
123456 password 12345678 qwerty 12345 123456789 letmein Source: http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514 Passwords
A UX Problem
A UX Problem
A UX Problem
https://xkcd.com/936/
Tr0ub4dor&3 https://xkcd.com/936/ 3 days at 1000 guesses per second
https://xkcd.com/936/ 550 years at 1000 guesses per second correct horse
battery staple
https://xkcd.com/936/ correct horse battery staple but 25 keystrokes
• One “Master” Password • Password Generation • Password Auto-fill
• Available on Desktop and Mobile Use a Password Manager
• One “Master” Password • Password Generation • Password Auto-fill
• Available on Desktop and Mobile Use a Password Manager Social Engineering
What about Two Step?
Two Step: One-Time Passwords +
You still have to type in 6 digits every time
Two Step: One-Time Passwords
Two Step: One-Time Passwords Demo?
Two Step: PKI Smartcards Have to use a SmartCard reader
and install drivers on every computer Uses a secure element for all cryptographic functions
Source: http://www.notebookcheck.net/Review-Lenovo-ThinkPad-T440p-20AN-006VGE-Notebook.108423.0.html
… is there a solution?
Universal 2nd Factor
FIDO Alliance Fast IDentity Online • Formed in 2012 to
create a new industry standard • Initially worked on a Password-less protocol • U2F started by Google, Yubico and NXP in 2011 and joined FIDO in 2013
None
Universal 2nd Factor
The Promise of U2F It Just Works! * * in
Google Chrome for now
None
None
None
Stina Ehrensvard CEO & Founder
July 2015 A feature plugin was approved for core. https://wordpress.org/plugins/two-factor/
December 2015 “We can’t have users lock themselves out” January 2016 Decided to work only on Application Passwords to meet the 4.5 cycle (April 2016). Join #core-passwords on WordPress Slack! Two Step in WordPress Core
None
https://twofactorauth.org
Get Your U2F Key Yubico.com Coupon Code: wordcamp2016-100yk4
Kaspars Dambis kaspars.net
[email protected]
A134 BA02 60D4 3F8E ACC8 89D9
94F1 3532 A319 EA5D We’re hiring! xwp.co/jobs
SiteGround - Reliable hosting with speed, security, and support you can count on.
kasparsd
pei0804
masasuzu
yuya4
sansan33
ocise
shinyorke
a2ito
memiug
yudai00
lycorptech_jp
rkaga
jonoalderson
honnibal
jacobian
cassininazir
tammyeverts
hatefulcrawdad
keithpitt
caitiem20
![Kaspars Dambis kaspars.net [email protected] A134 BA02 60D4 3F8E ACC8 89D9](https://files.speakerdeck.com/presentations/f24925719cc3458b872e492d0f8da5bb/slide_44.jpg){kind=link}