This plugin dramatically enhances the security of your WordPress website by adding Multi Factor Authentication (MFA) in the form of One Time Passwords (OTP) using Yubikey USB Tokens. In addition to providing your username and password to login, this plugin requests an OTP code generated by a Yubikey, validates this via an API and only grants access if this check passes. The requirement to use an OTP can be set on a user by user basis and there is also a feature to require users above a certain privilege level to always use OTP.
External services
This plugin connects to an API to validate the OTP tokens generated by your security key. This is required because storing the private keys on the same web server as the site you wish to protect would be a security risk.
By default Yubico’s own validation server is employed, although you may setup your own server and use this instead
The default Yubico API only collects the one time password (OTP) data as provided by your security key when you login. The service validates this and then stores this token as “used” so it may not be replayed as part of an attack. It does not collect any other data (such as what URL is being authenticated using the key etc.)
This service is provided by “Yubico AB”: Privacy Policy, Terms of Use