• Resolved mamekichi

    (@mamekichi)


    When I used this plugin, I received a warning that my password was compromised. However, when I checked the site https://haveibeenpwned.com/ that appears in the link in the warning message, there was no actual leak.
    I guess this is because the OTP is treated as a password.

    Below is the warning text (by Wordfence):

    WARNING: Your login has been allowed because you have previously logged in from the same IP, but you will be blocked if your IP changes. The password you are using exists on lists of passwords leaked in data breaches. Attackers use such lists to break into sites and install malicious code. Please change your password. Learn More

Viewing 1 replies (of 1 total)
  • Plugin Support pickpluginswporgrep

    (@pickpluginswporgrep)

    Hi @mamekichi,
    The issue arises because the OTP is short or consists of common character combinations. However, we don’t believe this is a significant concern for a couple of reasons:

    1. Once a user logs in with the OTP, it expires and cannot be reused.
    2. We track the number of failed attempts for the OTP. If a user submits three incorrect attempts, we lock them out.

    Hope you understand.
    Regards.
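
The two mitigations named in the support reply above (an OTP that expires once used, and a lockout after three incorrect attempts), sketched as an added example that is not the plugin's own code. `OtpStore`, `OTP_TTL_SECONDS`, the six-digit length and the in-memory storage are assumptions, since the thread does not describe the implementation.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILED_ATTEMPTS = 3   # from the reply: three incorrect attempts lock the user out
OTP_TTL_SECONDS = 300     # assumption: the thread states no OTP lifetime


class OtpStore:
    """Hypothetical in-memory stand-in for the plugin's OTP storage."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}    # user -> (SHA-256 of OTP, expiry timestamp)
        self._failures = {}   # user -> failed attempts so far

    def issue(self, user, digits=6):
        otp = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[user] = (digest, self._clock() + OTP_TTL_SECONDS)
        return otp  # delivered to the user out of band

    def verify(self, user, submitted):
        if self._failures.get(user, 0) >= MAX_FAILED_ATTEMPTS:
            return "locked"   # unlock policy is out of scope here
        record = self._pending.get(user)
        if record is None:
            return "rejected"
        digest, expires_at = record
        if self._clock() > expires_at:
            del self._pending[user]
            return "rejected"
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):   # constant-time compare
            del self._pending[user]                  # single use: gone after login
            self._failures.pop(user, None)
            return "accepted"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= MAX_FAILED_ATTEMPTS:
            self._pending.pop(user, None)            # discard the OTP on lockout
            return "locked"
        return "rejected"


def guess_success_probability(digits):
    """Upper bound on guessing one uniformly random OTP before lockout."""
    return MAX_FAILED_ATTEMPTS / 10 ** digits
```

With these controls a six-digit code can be guessed with probability at most 3 in 1,000,000 per issued OTP, which is why its presence on a breached-password list says little about its risk as a one-time code.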
