The process has to be done in 2 separate steps. First of all, you will need the Google Authenticator app, which you can download for free from the Google Play Store or the Apple App Store, and get it working on a device like an iPhone, iPad, Android phone, or Android tablet. We will be using time-based one-time passwords for this system. Time-based in this case means that the program continuously generates a new code every 30 seconds, and the login window is a little less than 1 minute. Both the WordPress system and Google Authenticator share a common secret key with which to generate and check these codes. The WordPress side is handled by a plugin that's freely available in the WordPress plugin area.

Note: the system clock must be accurate to the minute on both the server and the device for this to work!
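
How both sides derive the same code from the shared secret and the clock, as an added example that is not the plugin's own code. It implements standard TOTP (RFC 6238); the sample secret, the function names and the one-step tolerance are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is current for, as described above


def totp(secret_b32: str, unix_time: float, digits: int = 6) -> str:
    """Standard TOTP (RFC 6238, HMAC-SHA1) for a base32 shared secret."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)           # restore base32 padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // STEP)  # 30-second step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: float,
           tolerance: int = 1) -> bool:
    """Accept the current step and `tolerance` steps either side (assumed)."""
    ok = False
    for drift in range(-tolerance, tolerance + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        # Constant-time comparison; every candidate is always checked.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    device_time = 1111111109                       # clock on the phone
    code = totp(SECRET, device_time)
    print("code shown on device:", code)
    # Server clock 2 seconds ahead: already the next step, still accepted.
    print("server +2s :", verify(SECRET, code, device_time + 2))
    # Server clock 2 minutes ahead: the code is outside the window.
    print("server +120s:", verify(SECRET, code, device_time + 120))
```
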

 

WordPress installation of Google Authenticator plugin:

  1. Log in to your WordPress system and go to "Plugins > Add New".
  2. In the "Search" field enter Google Authenticator and click "Search Plugins".
  3. The very first result should be titled "Google Authenticator" and is written by Henrik Schack.
  4. Click the "Install now" link and approve the installation, then activate the plugin.
  5. Once the plugin is active, head on over to "Users > Your Profile".
    You will note there is now a section titled "Google Authenticator Settings" available.
  6. Simply put a check in the box next to "Active" and enter a description in the "Description" field.
  7. Note down the "Secret"; you will need it in the next steps.
  8. Update the profile settings with the button at the bottom of the page.
    From this moment on there will be an extra field at the login prompt for the Google Authenticator code.

Note: there is the possibility of using QR codes to transfer the "Secret" to the device(s) you'll be using in the next steps, but I choose to just write it down.

 

Google Authenticator on Android phones and tablets:

  1. Go to the Play Store on your Android device, then in the search field at the top look for "Google Authenticator".
  2. You should see a result for Google Authenticator with a gray round metallic G symbol.
  3. Tap it and in the next screen tap "Install" to start the installation.
  4. Approve the required security access to your device and once the installation is complete, open the app.
  5. At the top right there will be the three dots atop each other that will give you access to the menu.
    On older devices you may need to press the menu button to get this menu.
  6. Then tap "Set up account" and tap "Enter provided key".
  7. In the "Enter account name" field you can enter a description. For example: WordPress login.
  8. In the "Enter your key" field enter the key from the Google Authenticator Settings "Secret" field in WordPress.
  9. Tap "Add" and the system will show you the code to use when logging in next on your WordPress site.

 

Google Authenticator on iPad and iPhone:

  1. Go to the App Store on your iOS device, then in the search field at the top right look for "Google Authenticator".
  2. On an iPad you will likely see "No results found" - if that's the case, at the top, tap "iPhone apps" to see it.
  3. Tap the "Free" button followed by "Install app" to start the installation of the Google Authenticator.
    You may be asked for your Apple ID information at this point.
  4. Once you have the Google Authenticator App installed, open it.
  5. It will start out empty so you'll need to tap the "+" symbol to add an account.
  6. In the "Account" field you can enter a description. For example: WordPress login.
  7. In the "key" field enter the key from the Google Authenticator Settings "Secret" field in WordPress.
  8. Save the information and the system will show you the code to use when logging in next on your WordPress site.

  1. It might be of interest that we have recently published another plugin for strong authentication. It prefers usability to security so you can either log in with a password or with a one-time code. If you’re on a secure network, you may want to use just your password but open your smart phone when connected through an insecure WiFi (cafe, train, …). We tested it with a few smart phone apps: Google Authenticator, Pledge, DS3 OATH, AWToken so you don’t have to rely on Google completely.

    Try to search for S-CRIB OTP Authenticator in the list of WordPress plugins (http://wordpress.org/extend/plugins/s-crib-otp-authentication/ ).

    • That is mildly interesting, but that means you have to buy an S-CRIB USB device in order to use it. Google Authenticator is a completely free app that can be used anywhere on devices like iPhones, iPods, iPads, Android tablets, Android smartphones, etc., and doesn’t require a complete computer to use.
