Yubikey + iControlWP take Security to the next level

By 10th April 2014 January 22nd, 2016 iControlWP: Manage WordPress Better

Last week saw a funky new addition to the WordPress Simple Firewall plugin where you can now add Yubikey Authentication to all your WordPress sites.

We’re also adding Yubikey support to iControlWP – yet another first in Multiple WordPress Management!

All users can now force login to their accounts to be multi-factor authenticated with their Yubikey(s).

How does Yubikey Authentication work?

Yubikey is hardware-based, multi-factor authentication.

What’s all that mean?

Well, hardware-based simply means that you have a physical device which you use to authenticate yourself.

The picture at the top of this post is what the Yubikey Standard key looks like.

It works by plugging into a USB connection on your computer/laptop and then when prompted for a Yubikey One-Time-Password (OTP) you simply put your finger on the little circle and it will print a big string of characters on your screen.

You simply place the cursor in the text box provided (wherever you’re authenticating), touch the circle and it creates your password.

Then, the service App, or whatever your authenticating with, will take your Yubi OTP, send it to the Yubikey authentication servers and query whether this is a valid One-Time-Password.

If they say ‘OK’, then the service knows it’s really you.
(You will have previously provided the service with your Yubikey ID so that they know which Yubikeys are permitted to be used for your account).

It’s “multi-factor” because your password is one factor, your email address is the second factor (if you enable this option), your IP address is a third factor, and now your Yubikey is yet another.

How to enable Yubikey Authentication within iControlWP?

Enabling Yubikey authentication is incredibly simple.  You just go to the security section within your iControlWP account and you’ll see a new place to enter Yubikey IDs.

When you create a Yubikey One Time Password, the first 12 digits are always the same – these represent the ID of your particular Yubikey.

So, within iControlWP just enter your 12 digit ID (or put in a OTP and we’ll chop it up) and click save.

Warning: once you enter any 12 digits within this setting, you must have a valid Yubikey to login. There is no way to by-pass this authentication.

iControlWP Login Security with Yubikey Authentication

iControlWP Login Using Yubikey

How else can you secure your iControlWP account?

We’ve provided several important way to help secure access to your iControlWP account. Yubikeys are just one of them…

We take your account and data security seriously and we’ll always look for ways to add layers of secure access to your account.

If you have other ideas or ways you’d like to authenticate, please feel free to let us know.

Join the discussion One Comment

Leave a Reply