In this blog post, I hope to write up about my first impressions of the WordPress Plugin, Magic Password, as well as explain a bit about what it does. Cryptography is a new Blog category here on my work blog. The plugin, Magic Password, seems a “magic” fix to a problem that may not exist in the real world for smaller sites – but I will dive into that later.
Well, what is Magic Password? Magic Password is a WordPress plugin that I can install on a clients site that will lessen brute-force attacks via the login screen. The premise is simple – you install the mobile app on your Android or iOS Device and then you can install the plugin on your WordPress build.
The mobile device is used to scan a QR Code upon request for a login as an administrator, negating the use of passwords. This means that if you do not have a password manager on your machine or you have an easy to hack password then this could keep you safe.
The only downside to the app that I can see is the problems faced if you lose your phone? Most people (I hope) have a back up of their phone on their machine. But, if you lose your mobile device then there will be complications in logging into your site.
The app claims to change the login tokens every thirty seconds and you can have multiple users on one platform – the great thing to know is that no passwords are stored in the cloud.
This means that absolutely nobody can login to your website (as an admin) without authentication from your phone. I guess if you lose your phone you are up the creek without a paddle until you replace your phone with an identical model and restore the backup of your phone from your computer.
However, is this necessary? Is this level of Cryptography necessary for a small blog? If you are a 1-author site and you have a love of fiddly tech – yeah, great, I really recommend it: it seems a lot of fun (until you lose your phone). Magic Password is one of the quickest ways of having two-factor verification on your WordPress build that does not have call-costs.
I have installed in on my personal Blog (Ijo Pona) and I feel like something on Minority Report. The turnaround from trying to login to being at the backend of my site, on the Dashboard, is incredibly quick – almost around thirty seconds.
It seems secure, it seems okay. With this plugin, Magic Password, I am in the future – but it may prove to be a plugin for a plugin’s sake; people who love code will dig it.
I dig it.