For FAQ/readme: disables the Two Factor plugin

  • kitchin

    (@kitchin)


    11 months ago

    I noticed in this plugin’s wwa-compatibility.php that it disables the ‘wp_login’ hook of the plugin Two Factor. If this in fact disables the Two Factor plugin, then it seems that should be mentioned in FAQ, the readme, and a notice given to the user installing the plugin. I don’t see /two.+factor/i elsewhere in this plugin’s code.

    The relevant code was added in version 1.0.8, May 11, 2020, with the note “Improve: Compatibility with Two Factor plugin.”

Viewing 1 replies (of 1 total)
  • Plugin Author Axton

    (@axton)

    Hi kitchin,

    Yes, you are right. I’ll update README asap. I’d like to mention that this is not actually “disable” the Two Factor plugin, just “bypass” the 2FA when users trying to login through WebAuthn. When users trying to login by username and password, the Two Factor plugin will still work and ask for 2FA. This is because Two Factor is not compatible with wp-webauthn. Since WebAuthn offers same level of security naturally, it’s better to bypass 2FA when logging in through WebAuthn

    See https://github.com/yrccondor/wp-webauthn/issues/6

    Hope this helps.

Viewing 1 replies (of 1 total)
  • The topic ‘For FAQ/readme: disables the Two Factor plugin’ is closed to new replies.