Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two Step WordPress Security
Search
Kaspars
February 22, 2016
Technology
0
78
Two Step WordPress Security
From WordCamp Norway 2016.
Kaspars
February 22, 2016
Tweet
Share
More Decks by Kaspars
See All by Kaspars
WordCamp Oslo 2018: How to Write Better Code Automatically
kasparsd
0
66
How to Write Better Code Automatically
kasparsd
0
62
My Story of Building a Commercial WordPress Plugin
kasparsd
0
83
WordPress REST API un Calypso
kasparsd
0
81
Take Control of Your Widgets
kasparsd
1
1k
Other Decks in Technology
See All in Technology
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
tjoko
0
110
新アイテムをどう使っていくか?みんなであーだこーだ言ってみよう / 20250911-rpi-jam-tokyo
akkiesoft
0
350
Claude Code でアプリ開発をオートパイロットにするためのTips集 Zennの場合 / Claude Code Tips in Zenn
wadayusuke
5
2.3k
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
lauchacarro
0
210
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
190
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
1.2k
S3アクセス制御の設計ポイント
tommy0124
3
210
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
sh_fk2
3
460
JTCにおける内製×スクラム開発への挑戦〜内製化率95%達成の舞台裏/JTC's challenge of in-house development with Scrum
aeonpeople
0
270
Wantedlyの開発組織における生成AIの浸透プロジェクトについて
kotominaga
2
110
AWSを利用する上で知っておきたい名前解決のはなし(10分版)
nagisa53
10
3.2k
EncryptedSharedPreferences が deprecated になっちゃった!どうしよう! / Oh no! EncryptedSharedPreferences has been deprecated! What should I do?
yanzm
0
500
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
40
2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
229
22k
Embracing the Ebb and Flow
colly
87
4.8k
How STYLIGHT went responsive
nonsquared
100
5.8k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.1k
Agile that works and the tools we love
rasmusluckow
330
21k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.9k
Transcript
None
Two Step WordPress Security Kaspars Dambis WordCamp Norway /
February 20, 2016
Authentication Authorization Who are you? Authentication What can you do?
Demo: WordPress and Public Key Infrastructure
Authentication Source: http://www.andrews-sykes.com/blog/wp-content/uploads/2014/06/Reception_Metropol.jpg
Authorization Source: http://www.juliebolder.com/weeds_2010_season_6.htm
One Step Authentication
One Step Authentication
Two Step Something You Know Authentication Something You Have +
Two Step Authentication Something You Have +
Two Step Authentication + PIN
But There is a Problem
Bad User Experience
Bad User Experience
123456 password 12345678 qwerty 12345 123456789 letmein Source: http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514 Passwords
A UX Problem
A UX Problem
A UX Problem
https://xkcd.com/936/
Tr0ub4dor&3 https://xkcd.com/936/ 3 days at 1000 guesses per second
https://xkcd.com/936/ 550 years at 1000 guesses per second correct horse
battery staple
https://xkcd.com/936/ correct horse battery staple but 25 keystrokes
• One “Master” Password • Password Generation • Password Auto-fill
• Available on Desktop and Mobile Use a Password Manager
• One “Master” Password • Password Generation • Password Auto-fill
• Available on Desktop and Mobile Use a Password Manager Social Engineering
What about Two Step?
Two Step: One-Time Passwords +
You still have to type in 6 digits every time
Two Step: One-Time Passwords
Two Step: One-Time Passwords Demo?
Two Step: PKI Smartcards Have to use a SmartCard reader
and install drivers on every computer Uses a secure element for all cryptographic functions
Source: http://www.notebookcheck.net/Review-Lenovo-ThinkPad-T440p-20AN-006VGE-Notebook.108423.0.html
… is there a solution?
Universal 2nd Factor
FIDO Alliance Fast IDentity Online • Formed in 2012 to
create a new industry standard • Initially worked on a Password-less protocol • U2F started by Google, Yubico and NXP in 2011 and joined FIDO in 2013
None
Universal 2nd Factor
The Promise of U2F It Just Works! * * in
Google Chrome for now
None
None
None
Stina Ehrensvard CEO & Founder
July 2015 A feature plugin was approved for core. https://wordpress.org/plugins/two-factor/
December 2015 “We can’t have users lock themselves out” January 2016 Decided to work only on Application Passwords to meet the 4.5 cycle (April 2016). Join #core-passwords on WordPress Slack! Two Step in WordPress Core
None
https://twofactorauth.org
Get Your U2F Key Yubico.com Coupon Code: wordcamp2016-100yk4
Kaspars Dambis kaspars.net
[email protected]
A134 BA02 60D4 3F8E ACC8 89D9
94F1 3532 A319 EA5D We’re hiring! xwp.co/jobs