[wp-trac] [WordPress Trac] #57811: Should application password be usable for logins
WordPress Trac
noreply at wordpress.org
Thu Mar 2 16:30:38 UTC 2023
#57811: Should application password be usable for logins
------------------------------------+------------------------------
Reporter: Clorith | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version: 5.6
Severity: normal | Resolution:
Keywords: | Focuses:
------------------------------------+------------------------------
Comment (by JeffPaul):
This seems to line up well with @georgestephanis's
[https://georgestephanis.wordpress.com/2013/08/14/two-cents-on-two-factor/
My Two Cents on Two Factor post]:
> * For systems where the user cannot be prompted for a two-factor auth
code (XMLRPC, etc), disallow their normal password for authentication, and
force them to use a generated application password that is stored in
usermeta.
> * For systems where the user can be prompted for a two-factor auth code
(wp-login.php) don’t permit the use of application passwords.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57811#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list