WordPress / two-factor

Two-Factor Authentication for WordPress.
https://wordpress.org/plugins/two-factor/
GNU General Public License v2.0

Backup Codes (Improve 8 to 12 numbers) #374

Open JohnPlanetary opened 4 years ago

JohnPlanetary commented 4 years ago

It would be nice to improve the "Backup Codes" option from 8 numbers to 12 numbers.

Example: 97997695 > 520184887438

This should probably mean that in an online attack scenario (assuming one thousand guesses per second) it should jump from 1.29 days for 8 numbers to 35.33 years for 12 numbers.

I think everyone would feel a little less concerned about random online guessing with this small improvement.

For human usability, maybe use dashes between the numbers: 520184887438 would look like 5201-8488-7438
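As an added illustration (not code from the plugin or from the issue author), the following models the worst-case exhaustive search the comment above is reasoning about, alongside generating, grouping and normalizing a numeric backup code so that dashes or spaces typed by the user do not cause a valid code to be rejected. The `codes_issued` parameter is an assumption: when several unused codes are accepted, the space an attacker must cover shrinks by that factor.

```python
import hmac
import secrets
from typing import Iterable

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def brute_force_seconds(digits: int, guesses_per_second: float, codes_issued: int = 1) -> float:
    """Worst-case time to try every numeric code of the given length.

    Any one of `codes_issued` unused codes is accepted, so the effective
    keyspace an online attacker has to exhaust is 10**digits / codes_issued.
    """
    keyspace = 10 ** digits
    return keyspace / codes_issued / guesses_per_second


def generate_backup_code(digits: int = 12) -> str:
    """Uniformly random numeric code from the OS CSPRNG, zero-padded to full length."""
    return str(secrets.randbelow(10 ** digits)).zfill(digits)


def format_for_display(code: str, group: int = 4, sep: str = "-") -> str:
    """Group digits for human transcription, e.g. 520184887438 -> 5201-8488-7438."""
    return sep.join(code[i:i + group] for i in range(0, len(code), group))


def normalize_input(user_input: str) -> str:
    """Accept codes typed with or without dashes/spaces by keeping only the digits."""
    return "".join(ch for ch in user_input if ch.isdigit())


def verify_code(user_input: str, valid_codes: Iterable[str]) -> bool:
    """Compare the normalized input against every unused code in constant time.

    Storage hashing of the codes at rest is out of scope here (assumption: the
    caller supplies the plaintext codes that are still unused).
    """
    candidate = normalize_input(user_input)
    # Check every code rather than returning early, so timing does not reveal
    # which stored code (if any) was a near miss.
    matched = False
    for code in valid_codes:
        if hmac.compare_digest(candidate, code):
            matched = True
    return matched


if __name__ == "__main__":
    for n in (8, 12):
        secs = brute_force_seconds(n, 1_000)
        print(f"{n} digits: {secs / SECONDS_PER_DAY:.2f} days, {secs / SECONDS_PER_YEAR:.2f} years")
    print(format_for_display(generate_backup_code(12)))
```

At one thousand guesses per second, exhausting 8 digits takes about 1.16 days and 12 digits about 31.7 years under this simple model, the same orders of magnitude as the figures quoted above.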

My1 commented 4 years ago

I'd use spaces rather than dashes but making them more readable is a very nice idea.

This should probably mean that in an online attack scenario (assuming one thousand guesses per second)

Rate limiting might be useful here.

But 12 numbers are definitely not a bad idea.

iandunn commented 2 years ago

#477 / #482 is another approach to solving this problem. It seems better to me, since it detects and fixes the huge problem of the password being compromised.

jeffpaul commented 1 month ago

Perhaps a similar approach to #419, where we introduce a filter for someone to enable this but otherwise have the default stay at 8?