Authy Two Factor Authentication

Authy helps you increase security for your user accounts in your WordPress site by using strong Two-Factor authentication. The plugin can be installed and configured in a matter of minutes. Two-Factor Authentication protects you from password re-use, phishing and keylogger attacks. The Authy WordPress plugin was designed so that anyone can install it, configure it and use it. Security shouldn't be painful! NOTICE If you are running an older version of the WordPress plugin (i.e. 2.5.5 and below) and you are running a version of Wordpress 4.5 and above, please upgrade your Authy plugin to 3.0 and above to remediate a problem where 2FA can be bypassed in certain circumstances. How it Works Usually you use only a username and a password to login to your blog. If your password is stolen or guessed, someone else can now login to your blog. Therefore with two-factor authentication, you use an additional step to login and one that uses something you have in your possession that is harder to steal. Authy uses your phone number as the extra piece of security and there are a few ways it is used.

1. Get a security token via SMS or a phone call. This code is then used to login with your username and password.
2. Generate the same token using Authy, our mobile application.
3. Get a push notification via Authy, out mobile application. This is a lot more secure and easier way to login.

Watch out our video tutorial https://player.vimeo.com/video/58410368 Easy Installation Authy plugin takes five minutes to install and requires no security knowledge. Powerful security Two-Factor Authentication is used by the largest organizations in the world because it works. With Authy you get benefits without the hassle of managing it yourself. Full control You can allow your users to opt-in on WordPress two-factor authentication or Admins can force two-factor authentication on users. Role based You can control which users require two-factor authentication based on their WordPress role. Plugin is open source and can be found at https://github.com/authy/authy-wordpress/

3.0.2

• Added missed name attribute to submit input.
• Added defer to onetouch js.
• Reduce verbosity of logging unless WP_DEBUG set to true.
• Added japanese translation.
• Disable autocomplete for token input.

3.0.1

• Fixed error in some filenames.

3.0

• Add support for Authy OneTouch.
• Resolved a WordPress 4.5 security issue where 2FA config was being ignored in some circumstances.
• Updated to support WordPress 4.5
• Resolved issue where incomplete 2FA configurations could be returned to and completed.

2.5.5

• Customize the user agent for the request to the Authy API
• Validate the format of the user id and tokens.

2.5.4

• Fixed the login styles for WordPress 3.9.
• Fix the login url action when the hidden backend option is enabled in a security plugin.

2.5.3

• Fixed the include of color-fresh.css file, the file was renamed to colors.css on WordPress 3.8
• Added translations for Spanish language.

2.5.2

• Encode the values on query before to sending to Authy API

2.5.1

• Improved settings for disable/enable XML-RPC requests.
• Fix error message: Missing credentials, only display when the user tries to verify an authy token without signature.

2.5

• Improved the remember me option in the user authentication.
• Use manage_option capability for display the plugin settings page.

2.4

• Use the remember me option when authenticate the user.

2.3

• Hide the authy settings page for other users except for super admin (multisite)

2.2

• Hide some digits of the cellphone.

2.1

• Added missing images.

2.0

• Refactor code
• The admin can now force a user to enable Authy on next login.

1.3

• Display API errors when try to register a user.

1.2

• Fix update user profile and verify SSL certificates.

1.1

• Fix reported issues and refactor code.

1.0

• Initial public release.