Authentication without App

  • Resolved troop236bsa

    (@troop236bsa)


    7 years, 8 months ago

    Hello,

    I love this plugin – super simple and it works with TML! However, I was wondering if there could be a way for users to authenticate their login without an app?

    It would be rather difficult to ask all the members of my site to install an app on their phone, computer or browser just to authenticate their login.

    I was wondering if an email could be sent with an authentication code instead, since every account has an email attached to it? Is there a way for the plugin to do this?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi,

    We decided not to implement the sending of codes by email for two reasons:
    1) Email delivery is unreliable, and this leads to use frustration. Especially since under the standard TOTP protocol (which this plugin uses), one-time codes are valid for a short time.
    2) For the majority of users, email isn’t a true second factor, because WordPress allows them to reset their password via email. So, if both of those go to the same account, then there’s only one factor – access to one thing (the email account) gets you everything.

    David

    Thread Starter troop236bsa

    (@troop236bsa)

    David,

    Thanks for the quick reply.

    That’s fair enough. Thought I’d ask!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Authentication without App’ is closed to new replies.