Comments on: PhoneFactor 1.0

By: MHeinrich

MHeinrich — Fri, 03 Oct 2008 04:18:23 +0000

I think those are valid concerns, but I have to say that the reality of recovering from all of those situations with my phone is much simpler/convenient than any of the alternative problems with tokens. Have you ever had to carry a SecurID token or keep track of a PKI certificate? I prefer waterboarding to being the IT person that has to manage that. And if you’re a consumer, way too expensive for anything but the most valuable of web properties (e.g. E*trade account with 50k in it).

Worst case, I can’t login unless I have a phone signal and my charger. If I lose my cell phone, I have to replace it anyhow. If I lose a token or cert, again … waterboarding, please.

By: Rich

Rich — Thu, 02 Oct 2008 15:05:36 +0000

What happens if you lose your phone, run out of batteries, or just dont get a singnal?

By: Dan

Dan — Tue, 09 Sep 2008 23:52:36 +0000

This is fantastic!
Sorry for bumping and commenting on a old post, but this is a brilliant addon.

By: Prevent Your WordPress Blog From Getting Hacked

Prevent Your WordPress Blog From Getting Hacked — Sat, 30 Aug 2008 03:33:13 +0000

[...] You can learn more about Phone Factor and download it here. [...]

By: hypotheek

hypotheek — Wed, 06 Aug 2008 07:25:49 +0000

This is a very cool plugin. I do agree with some of the comments that there might be some limitations if there is any problem in the chain of layers. But i think if there is a concrete error, you can alway’s enter your server and change and get into wordpress. I generaly like it.

By: Alex

Alex — Wed, 23 Jul 2008 18:46:19 +0000

I presume if you MUST access your blog and the service is down, you can just log into the server and delete the plugin file?

Yes, that would work fine.

By: Paradox

Paradox — Wed, 23 Jul 2008 18:45:06 +0000

Interesting. I saw the ad for this service on tv, and thought it might be useful.

Ill have to try it.

I presume if you MUST access your blog and the service is down, you can just log into the server and delete the plugin file?

By: Alex

Alex — Mon, 21 Jul 2008 13:32:20 +0000

Interesting. I’ve got bit about Crowd Favorite on my home page, in my sidebar, and I listed this as a “Case Study”… I guess I thought I was making it clear that it was something we built. I never intended not to.

By: Guy Rintoul

Guy Rintoul — Mon, 21 Jul 2008 11:38:30 +0000

Alex,

Just a suggestion – in the interests of openness, it may be better to explicitly call out that Crowd Favorite is your company. While I see you’ve used ‘we’ and ‘us’ in the post, it does come across like you’re trying to give an impartial review of a product – which you’re not. Most bloggers would put an explicit disclaimer in their post to avoid any perception of underhand bias…

Guy

By: PhoneFactor Makes WordPress Logins More Secure than Most Online Bank Accounts | PhoneFactor

Thu, 17 Jul 2008 14:12:16 +0000

[...] today announced that PhoneFactor, its phone-based authentication technology, is available as a free plug-in to WordPress, the largest self-hosted blogging tool in the world. With PhoneFactor, WordPressâ€™ hundreds of [...]

By: Jeff

Jeff — Thu, 03 Jul 2008 20:29:15 +0000

Sorry about the spam everyone.

An overzealous intern recruited some friends back home (yes – India) and went a little post crazy.

They have been reprimanded and it has been stopped immediately.

Alex, nor his team at Crowd Favorite had anything to do with this.

Our apologies.

PhoneFactor Product Team

By: Chris Nielsen

Chris Nielsen — Thu, 03 Jul 2008 19:42:48 +0000

I’m here as well because someone named “breanan” posted about this WP plugin:

I DARE YOU TO STEAL MY BLOG

You canâ€™t with this new WP plugin. Developed by the master himself, alex king.
http://wordpress.org[...]phonefactor/

I find it hard to believe that you don’t know this person or have not hired them to promote your plug in. Perhaps they are connected with the phone service that is used…?

But if it’s true I would distance yourself from them as much as possible and consider using another phone service that doesn’t need to spam. Nice feature, by the way, but overkill in my opinion just to keep someone from logging into a blog. And it still has nice options for abuse…

By: Alex

Alex — Thu, 03 Jul 2008 15:49:53 +0000

I have no idea who is doing the spamming, but I can assure you it is not Crowd Favorite (which is my company). We built the plugin and I posted this blog post, which is all we’ve done the publicize it.

By: Dr. Mike Wendell

Dr. Mike Wendell — Thu, 03 Jul 2008 15:26:51 +0000

Alex, while I agree with you that this is a great idea, could you please drop a hint to Crowd Favorite to knock off the spamming. They’ve hit a large number of sites, including the typepad, movable type, drupal, and edublogs support forums. It really gives wordpress a bad name to see a plugin promoted via spam and to see your name associated with this.

http://wordpress.org[...]topic/186359

By: paan

paan — Thu, 03 Jul 2008 01:50:53 +0000

the phone calls acts as a second authentication channel.
It is typical in security to add another, usually from a diffferent technology domain, authetication channel so that anyone that wants to steal your account will have to get your credential on both channel.

In other words. Some one trying to steal your account will have to get your password AND have access to your phone calls.

You don’t authenticate yourself with the phone number but as david said the phone call is the authentication process.