Every year, it seems we hear more about security breaches and theft for online businesses and websites. As WordPress users, the front line of our security has always been user IDs and passwords.
With the enormous popularity of WordPress, we face a growing number of hackers who use deviant methods like brute force attacks to gain illegal entry into our sites. Such attacks increase the need for more sophisticated security options for WordPress users.
SnapID is one such option.
Launched in 2015, SnapID is a WordPress security plugin from TextPower, Inc., a company out of San Juan Capistrano, California. TextPower is a text messaging company that also provides mission-critical alerting services for utilities, tracking companies, municipalities, and universities.
Built on patented text messaging authentication technology called TextKey, SnapID removes the need for login usernames and passwords for your WordPress site.
Offering “two-factor authentication”, SnapID lets you easily login with your mobile phone, providing a more secure and convenient way to access and protect your WordPress website.
With SnapID, you don’t need to remember, enter, or reset your WordPress password. Instead, you can log into your site just by sending a simple text message via standard SMS.
What Is Two-Factor Authentication?
Since were talking about two-factor authentication, let’s take a quick primer about what it is.
Basically, the need for authentication — a way to tell a system we are who we say we are — exists because there are people who, unfortunately, refuse to play by the rules, and infringe on other people’s rights. Specifically, we’re talking about people who hack their way into sites, and commit crimes such as stealing private data.
Today, more than ever, we need to take security measures to keep such people out. And as online hackers get more sophisticated with their attacks, more barriers — more levels of authentication — can give you more protection. This is where SnapID and two-factor authentication comes in.
SnapID creates an extra layer of security that moves beyond login names and passwords (single-factor authentication or SFA), and makes it a requirement to also have possession of your mobile phone in order to gain access to your website. This extra barrier to entry into your site gives you two-factor authentication (2FA).
There are different authentication factors that can be used to protect and verify your identity, such as:
Something you know, otherwise known as the knowledge factor, such as your username and password, and a PIN number.
Something you have, otherwise known as the possession factor, such as your ATM card, a cell phone, and tokens.
Something you are, otherwise known as the inherence factor, such as your fingerprint or voiceprint.
For example, an ATM machine requires multi-factor authentication because it needs your debit card (something you have) and your PIN number (something you know), in order to prove your identity and begin your transaction.
Similarly, SnapID uses two-factor authentication that involves something you know (your login name and password) AND something you have (your cell phone). By using mobile phone SMS technology, SnapID gives you an additional layer of security for your WordPress site.
SnapID’s Main Features
SnapID is built on TextKey, a patented technology that replaces complex, costly, high-maintenance authentication systems. It uses a simple and secure approach developed around the unique identifier of your cell phone and text messaging technology.
Better Security
With typical two-factor SMS authentication, you receive (instead of send) an access code via a text message. Then, you enter this code to enter your site. However, SnapID is more secure because the process is reversed. Rather then getting a validation code sent to you, you’re asked to send out a text code that is associated with your phone.
Because every cell phone has a unique device identifier (UDID), the system makes sure your code is received from your phone. The SnapID system won’t accept text messages from a cell phone that doesn’t have your identifier.
Removing the Man-in-the-Middle
With typical two-factor authentication, you might get a text message that contains an authorization code to enter into a browser. Unfortunately, this makes it possible for “Man-in-the-Middle” (MITM) or “Man-in-the-Browser” (MITB) attacks, where your information gets intercepted. But with SnapID’s patented process, communication only happens through a secure server-to-server connection outside of a browser.
Here’s What SnapID Can Offer You:
• Convenient, easy, and inexpensive two-factor authentication security
• Secure protection beyond your username and password
• Two-factor authentication without the need for a smartphone. If you have a cell phone that can send a text message, SnapID will work.
• Security without the need for purchasing, tracking, and replacing tokens.
• Protection against Man-in-the-Middle and Man-in-the-Browser attacks, where an attacker can intercept communication and take advantage of browser vulnerabilities.
• Durable logins
Authenticated SnapID logins can remain for extended periods of time, rather than expiring when you log out. This allows you to set a secure and convenient time period so you don’t have to login multiple times a day.
• Cross-platform compatibility
• Currently, you can register as many websites as you wish.
• International use for users who have a Google Voice number
• Lost phone protection
• Automatic reauthentication with SnapID for replaced or upgraded cell phones.
When you get a new cell phone for any reason, as long as you keep the same phone number, you won’t have to re-authenticate it to use SnapID. As soon as your new phone is activated, it’s good to go — everything’s handled in the background through your phone carrier and SnapID.
• Secure, encrypted data
Even before it’s written to the TextPower database, your data gets encrypted while it’s still in the server’s memory. This ensures complete anonymity and protection.
TextPower also uses SSL (secure) connections, allowing the data to be encrypted en route to their servers.
And any website administrator or user who logs in to the SnapID system to add or change data must use the SnapID login process for complete identity validation and authentication.
Setting up SnapID
SnapID can be installed on your WordPress website within minutes. And once installed, SnapID is fast — most of the code and processing happens on TextPower’s systems.
The only thing that’s needed for SnapID to work with your WordPress site is a cell phone identifier that’s tied to your user ID, and registering that information with TextPower.
Here’s How to Set up and Register Your WordPress Website for SnapID:
- First install the SnapID WordPress plugin and activate it.
-
On the SnapID Settings page within WordPress, check the “Terms & Conditions” checkbox.
-
Click on the “Register with SnapID” button, and follow the instructions to text the code.
After texting the code to the given number, your website will be registered with SnapID. Your WordPress login is now tied to your phone number — it’s that simple!
To give SnapID a trial run, logout of WordPress and log back in with the “Sign In with SnapID” button.
Even Other Users of Your Site Can Register:
- If another user for your site would like to register with SnapID, they need to go to their WordPress User Profile to do so. In WordPress, just go to Users…Your Profile.
-
On their user profile page, they should go to the bottom of the page and click on the Join SnapID button.
From there, they just need to follow the instructions to text the code to the given number.
To test it, they should logout of WordPress and log back in with the “Sign In with SnapID” button.
Using SnapID
You Can Choose between One Step or Two-Step Login
Logging into your WordPress site with SnapID can be either a one-factor authentication process or a two-factor authentication process. With one-factor authentication, you’re just using the “Sign In with SnapID” button to get into your site. This increases speed because you don’t have to enter your username and password, but still gives you excellent security.
For even more security, you can use two-factor authentication and sign in with your username and password before you click on the Sign In with SnapID button.
Login with One-Factor Authentication
With the single-step login, you no longer fill in your username and password. Instead, you just send a simple text message via standard SMS.
SnapID allows you to choose one-factor or two-factor authentication for any combination of Administrator, Editor, Author, Contributor, and Subscriber.
For example, you might decide to have two-step login for Administrators for extra security, and one-step login for everyone else for convenience.
TextPower provides videos on the SnapID Settings page to explain these two options. Don’t worry too much about what you choose, they can be changed at any time by an administrator for your site.
One-Step Login:
- On your WordPress login page, click on the Sign In with SnapID button.
-
You’ll be given a one-time-password (OTP) that you’ll need to text to a phone number, and you’ll be in. Just follow the on-screen instructions for the pop-up message.
As long as the code you send matches the code they give you, and the phone you use to send the code was the phone you registered when you joined SnapID, you’ll be logged in.
Login with Two-Factor Authentication
Two-Step Login:
- On your WordPress login page, enter your username and password, and click the login button as usual.
-
Once your username and password are authenticated, you’ll receive a pop-up message asking you to text a code to a number. Just follow the on-screen instructions.
As long as the code you send matches the code they give you, and the phone you use to send the code was the phone you registered when you joined SnapID, you’ll be logged in.
Finding Account Information about Your SnapID Registration
With SnapID, you can send a text message of MySnapID to 48510 to check your registration status and other account information. If indeed you are registered, the program will tell you how many websites you have linked to your SnapID account.
What Happens If You Lose Your Phone?
If you happen to lose the phone that authenticates your SnapID logins, there’s no need to panic. SnapID offers multiple layers of protection:
PIN Protection
With your SnapID account, you can activate a PIN that can go before or after the one-time-password (OTP) you text for logging into your WordPress site.
Because it doesn’t appear on the screen, a thief with possession of your phone wouldn’t even know the PIN was needed.
Delegate Protection
You also have the option to choose a “delegate” that can suspend your access privileges by sending a simple text message. Then, if you later find your phone, the delegate can send another text message to reactivate your access.
Carrier Protection
If your phone needs replacement because it’s stolen, lost or destroyed, you’ll need to tell your carrier. Then, your phone will be deactivated and your cell phone number will be assigned to your new device.
In this situation, your new phone will automatically reactivate with SnapID, as SnapID and the carrier will take care of everything in the background.
Phone Lock Protection
Because you must send text with SnapID, when it’s locked, SnapID can’t be used. This makes SnapID far more secure than a typical SMS-based system where users receive a text message instead of sending one.
That being said, if you lose your phone, you should contact your phone carrier and let them know so they can keep your phone number from being used.
TextPower is working on an automated method for deactivating phones that are lost or stolen. Until that happens, they recommend opening a ticket with them so they can deactivate your SnapID account for you.
Changing Your Phone Number?
If you change your phone number, customer support at TextPower will help you transition your account from your old phone to your new phone.
International Use
For users who travel abroad, SnapID can be used internationally with a Google Voice number. All you have to do is send a text message with the Google Voice website, instead of your cell phone. The numbers through Google Voice are free and easy to set up.
To allow international users who don’t have US numbers to login to your site with SnapID, contact TextPower directly for details.
Video Tutorial: Setting Up and Using SnapID
Support & Documentation
The documentation for SnapID is very good. TextPower offers simple instructions and video for getting started.
You’ll find short videos and clear instructions explaining how SnapID works, how to register, and more.
If you need more advanced help, you can contact TextPower directly for details.
You can also contact TextPower at sales@textpower.com if you’re interested in premium features and support.
Pricing
SnapID is free for WordPress users.
However, TextPower also offers paid premium features for SnapID, including: SLAs (service-level agreements), analytics, custom installation, dedicated shortcode, and phone support.
For a one-time acquisition fee and small monthly maintenance fee, you can even get your own custom short code (five digit phone number) for your WordPress logins.
Conclusions & Recommendations
For WordPress users, SnapID removes the expense, complexity, and high-maintenance usually associated with secure two-factor authentication systems.
Using a patented process that uses the unique identifier of your mobile phone, SnapID gives you the ability to quickly secure your WordPress login from brute force attacks and other unlawful breaches.
By sending a simple SMS text message, SnapID gives you the option to login to your WordPress site without the need for entering your user ID and password. It can also be used in combination with your username and password for an added layer of security.
SnapID includes many valuable features, including durable logins, lost phone protection, the ability to log out of web sessions wherever you are in the world, timed log outs, admin bumps, and much more.
Currently, the makers of SnapID have no restrictions on the number of websites you can register through the plugin.
And oh, did I mention it’s free?
If you’re looking for a solid two-factor authentication plugin for WordPress, you’ll want to give SnapID strong consideration.
If you’d like to find out more about SnapID, you can visit them here.
You can also find the SnapID plugin at the WordPress.org repository here: SnapID for WordPress.
This is an analysis that was written to provide a valuable outside perspective to the creators of this product. They paid for a 100% honest, no-holds-barred break-down of all they are doing, both good and bad, because they want their product to be as good possible. In the interests of sharing that knowledge with the larger WordPress community, we also give them the option of publishing it here on WPMayor.com … but with the vital condition that the content cannot be altered or spun in any way: our readers expect and deserve the same 100% honesty.
We sell thorough, no-holds-barred product studies to creators who want an outside perspective to help them evolve the best possible WordPress product. Our to-the-point expertise has helped to improve countless WordPress plugins, themes and services, find out more about PAS - The Product Analysis Service.
0 comments:
Post a Comment