Descrição
This is a feature plugin that is a spinoff of the main Two-Factor Authentication plugin, found at https://github.com/georgestephanis/two-factor/.
With Application Passwords you are able to authenticate a user without providing that user’s password directly, instead you will use a base64 encoded string of their username and a new application password.
Ecrãs
In your user profile screen, by default it will just be a field to create a new Application Password. 
After at least one Application Password for you account exists, you'll see a table displaying them, allowing you to view usage and revoke them as desired.
Instalação
- Download the zip file.
- Log into WordPress, hover over Plugins, and click Add New.
- Click on the Upload Plugin button.
- Select the zip file you downloaded.
- Click Install Plugin.
- Activate.
Avaliações
100% Unsafe using Base64
Base64 encoding is UNSAFE method used by large number of naive application programmers hoping to “obscure” the plain text password as it travels across the network. Base64 encoding lacks any form of cryptographic algorithm so it fails to protect sensitive information, as result Base64 vulnerability is the root of multiple security breaches. Both the user’s ID and password are completely exposed. Using Base64 is no more secure than converting a secret from English into French. Stupid or Careless programmers (as opposed to uneducated) still use Base64 in many networks and end-user applications with no regard as to the damage they created. Simply web search “base64 vulnerability” to see how badly you wrecked the security using it. Cheers!
Great option for WP API authentication
Currently using this plugin to authenticate with my website while using the Event Espresso 4 mobile apps, which uses the WP API to pull events into the apps.
Contributors & Developers
“Application Passwords” is open source software. The following people have contributed to this plugin.
Contributors
Traduza o “Application Passwords” para o seu idioma.
Interessado no desenvolvimento?
Browse the code or subscribe to the development log by RSS.