General Password Tips &
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
Purpose built password cracking machine cluster.
Capable of 350 billion password guesses per second.
95^8 (6.6 Thousand Trillion) Combinations in 5.5 hours
http://passwords12.at.ifi.uio.no/Jeremi_Gosney_Password_Cracking_HPC_Passwords12.pdf
Dec 14, 2009 – Rockyou data breach exposes
32 MILLION user accounts and passwords
April 2013 – “Yahoo email accounts have
been hacked for the fourth time in as
many months”
http://siliconangle.com/blog/2013/04/30/yahoo-mail-hacked-again-serious-questions-raised-about-its-ability-to-protect-users/
These, and many more examples like them, mean you need to begin using a higher
level of security for everyday tasks.
What would you do if you received this email
from your WordPress site's security plug-in?
What prompted me to create this document?
I have recently been helping a customer recover from a public domain email hack
- See my Article LINK: “2 Factor Authentication – why everyone needs it.” for more information
I received the pasted email from a security plug-in of one of the sites I administer
which shows that attempts were made from a Russian Federation IP address to
compromise the site administration console.
As described in the article:
LINK: "Anatomy of a hack"
Your bare minimum defence is a STRONG password:
● Minimum of 11 characters
● upper- and lower-case letters, numbers, and letters.
● No pattern based passwords,
● eg qwerty12345, P@as$w0rd4321, lastnamefirstname etc
So what can you do? Part 1
● Utilise a password manager.
● Some good considerations and example given here:
LINK "Which Password Manager"
● A very comprehensive comparison of 25 popular Password managers here:
LINK "Password managers"
● Secure the Password Manager
● “Do what cryptographers do: use a passphrase.”
● go to LINK "diceware", and follow the instructions there for generating a near*
foolproof passphrase.
● *nothing is ever absolutely secure
So what can you do? Part 2
● Those takeaways again:
● Don't try to be password clever - The only thing that works is random
● Use a computer to achieve a truly random password
● Use a secure password manager, to manage your passwords.
● Secure your password manager with the cryptographer-approved
method of generating the only passphrase that you will actually need to
remember
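The takeaways above, as an added example that is not part of the original slides: a password and a passphrase drawn from the operating system's CSPRNG, and the worst-case exhaustive-search time for each at the 350 billion guesses per second quoted earlier. The function names, the six-word passphrase length and the short word list are assumptions made for illustration; a full Diceware list has 7776 words.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 350e9  # cluster rate quoted on the slide
# The 95 printable ASCII characters behind the slide's 95^8 figure.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
DICEWARE_SIZE = 7776        # words in a full Diceware list (6**5 dice rolls)

# Constructed stand-in list so the example runs offline; a real passphrase
# must be drawn from the full 7776-word list.
DEMO_WORDS = ["anchor", "bishop", "cobalt", "dragon",
              "ember", "falcon", "garnet", "harbor"]


def random_password(length=11, alphabet=PRINTABLE):
    """Pick every character independently using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(wordlist, words=6):
    """Pick every word independently, the software equivalent of rolling dice."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(symbols, length):
    """Bits of entropy when each of `length` picks is uniform over `symbols`."""
    return length * math.log2(symbols)


def hours_to_exhaust(symbols, length, rate=GUESSES_PER_SECOND):
    """Worst-case hours to try every combination at `rate` guesses per second."""
    return symbols ** length / rate / 3600


def comparison():
    """Rows of (description, entropy in bits, worst-case hours)."""
    cases = [
        ("8 random printable characters", len(PRINTABLE), 8),
        ("11 random printable characters", len(PRINTABLE), 11),
        ("6-word Diceware passphrase", DICEWARE_SIZE, 6),
    ]
    return [(name, round(entropy_bits(s, n), 1), hours_to_exhaust(s, n))
            for name, s, n in cases]


if __name__ == "__main__":
    print("password:  ", random_password())
    print("passphrase:", random_passphrase(DEMO_WORDS), "(demo list only)")
    for name, bits, hours in comparison():
        print(f"{name:32s} {bits:5.1f} bits  {hours / 8760:14.4f} years")
```

These figures only hold when every character or word really is chosen at random; a pattern-based password of the same length falls to a far smaller search.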
So what can you do?
AND! Utilise the growing number of freely available 2 factor authentication devices
The remainder of this presentation will guide you, step-by-step through
configuring 2 factor authentication in your WORDPRESS site(s).
In this example, I use:
The Wordpress plugin – Google Authenticator
&
The Android app – Google Authenticator.
These are by no means the be-all & end-all components to use, but they
are easy, which is always a big advantage.
1st - let's set up WordPress!
30 May, 2013 © 2013 Askkiz 8
SETUP IN WORDPRESS
Select the users to which the 2-factor authentication
will apply. Ideally any user with the ability to modify
your site, posts and settings
This is the description that will appear on your phone
You will eventually scan this with your phone
As mentioned previously, there are a number of apps available to enable the
use of 2 factor authentication.
This presentation is using “Google Authenticator”.
Below are the locations for its availability on iPhones, iPads and all Android
devices.
https://itunes.apple.com/us/app/google-authenticator/id388497605
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
SMARTPHONE SETUP
The Google Authenticator App is available on Android and iPhone
The next time you sign into your WordPress site – you will be
presented with this slightly modified Log In screen
Take this number and put it in the box
I trust this presentation has been enlightening, helpful and
informative.
For assistance setting this up, and any other advice on securing
your digital environment, contact me directly.
● IT Security
● Cloud Services
● Social Media Governance, Risk, Compliance & Security
Kieran Cook
Owner / CEO Askkiz
office@askkiz.com.au
facebook.com/askkiz.au
linkedin.com.au/company/askkiz

2 Factor Authentication for Wordpress
