github WordPress/two-factor 0.8.0
Version 0.8.0

latest releases: 0.12.0, 0.11.0, 0.10.0...
23 months ago

Includes the following changes 0.7.3...2fa64f6.

  • Reduce the login nonce expiration from 60 minutes to 10 minutes by default, and include user ID in the login nonce to make them unique #473.
  • Replace QR generation for TOTP secrets with local Javascript tooling instead of Google Charts API #487 and #495.
  • Fix Backup code download with quotes in translations #494.
  • Block sending authentication cookies upon 2FA login #502.
  • Backup Codes: Always generate 10 codes via REST #514.
  • TOTP: Enforce single-use of TOTP one-time passwords #517.
  • Add rate limiting to two factor attempts #510.
  • Core: Reset compromised passwords after 2FA failures #482.
  • Document the TOTP Filters, add Issuer filter #530.
  • Support login-by-email in maybe_show_reset_password_notice() #532.
  • Be more tolerant of user input for auth codes #518.
  • Standardise on int|WP_User input to the "for user" functions #535.

Don't miss a new two-factor release

NewReleases is sending notifications on new releases.