UPDATE: I’ve added the plugin to the WordPress.org repository. If it gathers interest/attention then I may develop it further and add more stuff like SMS gateway support, configuration, etc… See: http://wordpress.org/extend/plugins/second-factor/
I really don’t know why, but the idea of adding a second authentication factor to WordPress blogs took hold of my brain tonight and needed an outlet. So I made this little proof of concept plugin: Second Factor. What it does is pretty simple:
- When you log in it goes through a series of cryptographic routines and generates some info which is stored in the database as a user option.
- A key is generated for you, and an email is sent to your listed email address.
- When you attempt to access a page while logged in it blocks you, asking for the key that was emailed to you
- Finally after entering this second authentication token you are allowed access to the site
I could see this being extended to Instant Messaging, SMS, IRC, or even integrated with a text-to-phone service to make an actual phone call which reads off the numbers to you.
What I don’t know is if anyone actually wants this… If this is even worthwhile. For me it was mainly a thought experiment. Would you want to have this kind of added security on your WP Installation?