Wed 22 Jul 2009
The simple to use One-Time Password plugin enables you to login to your WordPress weblog using passwords which are valid for one session only. One-time passwords prevent stealing of your main WordPress password in less trustworthy environments, like internet cafés, for example by keyloggers. For each login you can choose between using your main password or a one-time password. The one-time password system conforms to RFC 2289 of the Internet Engineering Task Force (IETF).
Version 2.0 of this plugin has a new option to protect administrative actions by one-time passwords. This option is disabled by default and only available when you logged-in with a one-time password. It is possible to define exceptions. The default exceptions are viewing the dashboard, adding a post (but not saving it) and logging out.
The login screen displaying a RFC 2289 challenge:
The one-time password list with the requested password:
The window to authorize an administrative action: (optional)