This article was published on January 31, 2013

Authy releases a WordPress plugin enabling two-factor authentication to better protect against hacking


Authy, the Y Combinator-funded service that aims to better protect data online with two-factor authentication, has released a WordPress plugin so that publishers will feel secure about their blogs. In doing so, it is helping people move away from depending on a single login screen and instead place their faith in tokens that help validate the identity of the people involved.

We spoke with founder Daniel Palacio, who says that he noticed that in the past year, millions of passwords were stolen when large sites like LinkedIn and Gamigo were hacked and compromised. Now, you can’t even really go about your day without hearing how someone’s account was affected and unwarranted things happened. Palacio wants to ensure that there’s some measure of protection that people can take so their sites are not affected. That’s where the Authy WordPress plugin comes into play.

WordPress is home to more than 60 million blogs and a popular platform — it gives users the ability to create and edit their own sites without needing to really understand programming. The platform is also used by some of the top sites on the Internet, including CNN, NBC Sports, UPS, and thousands more. Authy says its plugin will work well within WordPress because it’s designed to help anyone, technical or not, protect a site with two-factor authentication in “under two minutes.”

The video above details how you can get started, but we’ve listed out the key steps for you here:

  1. Install the Authy plugin from within WordPress’s plugin directory
  2. Enable the plugin and add in the Authy production API key, which can be retrieved for free from the company’s website
  3. Every install requires an Authy account — there is a Starter/Dev box plan that is free to use

Once done, two-factor authentication is enabled on the site. Users can turn it on by going to their own profile page within WordPress, selecting a country and entering a cell phone number. A text message is then sent to the user with instructions on how to download the Authy app.

The next time they log into the site, they will be prompted for a token, which is delivered to the user via text message or through the Authy app. The token is a seven-digit number that changes every 20 seconds. Authy states that because the token is constantly changing, phishing and key-loggers become ineffective tools for hackers trying to break in.
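The token described above behaves like a time-based one-time password. The sketch below is an added example, not Authy's code: the article does not describe Authy's algorithm, so the RFC 6238-style HMAC-SHA1 derivation, the clock-drift allowance, the `TokenVerifier` name and the sample secret are assumptions. Only the seven digits and the 20-second period come from the article.

```python
import hashlib
import hmac
import struct

DIGITS = 7   # token length stated in the article
STEP = 20    # seconds a token stays current, per the article


def token_at(secret: bytes, unix_time: float) -> str:
    """RFC 6238-style code for the 20-second window containing unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Server-side check (hypothetical): allows small clock drift, refuses reuse."""

    def __init__(self, secret: bytes, drift_windows: int = 1):
        self.secret = secret
        self.drift = drift_windows
        self.last_accepted = -1  # highest window counter already consumed

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // STEP
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_accepted:
                continue  # window already used, so a captured token cannot be replayed
            expected = token_at(self.secret, counter * STEP)
            if hmac.compare_digest(expected, submitted):  # constant-time compare
                self.last_accepted = counter
                return True
        return False


SECRET = b"12345678901234567890"  # RFC 4226 test secret, demonstration only

if __name__ == "__main__":
    verifier = TokenVerifier(SECRET)
    tok = token_at(SECRET, 100)          # constructed login time
    print(tok, verifier.verify(tok, 100), verifier.verify(tok, 105))
```

The replay check is what keeps a token captured by a key-logger from being submitted a second time inside the same 20-second window.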

Authy has been rather busy over the last several months. Previously, it announced a partnership with security service CloudFlare and during the 2012 TwilioCon event, co-founder Jeffrey Lawson called Authy one of the “do’ers” of the industry.

Photo credit: Sean Gallup/Getty Images
