[Plugin: Google Authenticator] Feature requests: changing time period, entering own secret

Hi Heypete
Sorry, but I really don’t see the point of cluttering up the userinterface in order to support some hardware token, when there is a completely free app from Google available.

I have intentions of turning this plugin into some switch army knife plugin supporting multiple ways of authenticating.
The Google Authenticator app seems to be the right choice, as you probably are aware, more and more services are adapting the Google Authenticator app these days.

Best regards
Henrik Schack

Hi Henrik,

Yes, there is a free app from Google, but not everyone has their smartphones (or compatible devices) with them at all times. Hardware tokens also offer a degree of isolation compared to smartphones: the token has no interface with the outside world and so is much less likely to be hacked or otherwise compromised compared to an smartphone.

I use the Google Authenticator app for some sites, but prefer the hardware token for others — as both the token and the Google Authenticator app both implement the OATH standard (albeit it with different time intervals), this isn’t usually a problem.

I appreciate the desire for simplicity, but it’s also nice to have some choices that would allow users to use other OATH-compliant software/devices rather than be limited to the behavior of a specific smartphone app.

Rather than fork the plugin, I’d be happy to contribute some patches that implement the features I propose while also maintaining the simplicity of the user interface. You’d be under no obligation to implement the patches, of course, but I figured I could be of some use. ??

Cheers!
-Pete

Hi Pete
This plugin is not aiming at übergeeks, I created it in order for normal people to be able to secure their WordPress login with a technology they probably already know from Dropbox, Lastpass, Amazon Google, Guild Wars 2 etc.
These hardware tokens are so “not normal” I haven’t even seen them for sale anywhere here in Denmark

I think it’s vital to keep things as simple as possible.
Supporting this plugin, without owning an iPhone is a pain, supporting it without owning one of all these hardware tokens would be pure hell ??
Therefore : I wont add support for hardware tokens.

Btw. I don’t know that many people ever leaving home without their phone.

Best regards
Henrik Schack

Hi Henrik,

Fair enough.

For reference, gooze.eu (located in France) sells the tokens and other such devices. I have no affiliation with them other than as a customer so don’t think I’m trying to spam for them. I’m in Switzerland, and I agree that such tokens are not commonly available at retail (though Blizzard and PayPal both offer hardware tokens for more secure logins, so they’re not unheard of).

If you want some help in regards to iPhone compatibility, please feel free to contact me off-forum and I’d be happy to help as I have a iOS device here for testing. That said, the nice thing with the various Google Authenticator apps on different platforms (and on hardware tokens) is that they all implement the same standard, keeping life a bit easier. ??

I may be one of the rare people who doesn’t leave home with a smartphone: I have a rather “dumb” phone that makes calls and sends/receives SMS messages. It’s nice because the battery lasts for weeks. I also have an iPod Touch (which runs the iOS Google Authenticator app, among other things) but I don’t like carrying it around all the time when I’m not going to be listening to music (one less thing to carry). My hardware token is on my keyring, which is always with me.

Anyway, if you ever decide to change your mind and want to support OATH-compatible hardware tokens I’d be happy to help in whatever way I can.

Cheers!
-Pete

Ok thanks a lot, if I ever change my mind, you’ll be the first to know.

Btw it’s not possible to purchase the Paypal token in Denmark, I’ve been asking Paypal support for it for years without any luck ??

Best regards
Henrik Schack

+1 on this.
Fully agree that support for hardware devices would be good.