Yubikey

FAQ

Where can I learn more about how Yubikey OTP works?

Please visit the Yubico OTP Webpage

How much does the Yubikey cost?

There are a variety of keys available, but the cheapest key that will work with the OTP model currently retails at $50. You can find
information on this key by visiting the associated Yubico Product Page

Can I use my own validation server?

While setting up such a server is beyond the scope of this FAQ, yes you can. Simply put the URL of your validation server in
the “Private Validation Server API URL” field on the Settings -> Yubikey adin page. Remember to update the ID and API Key fields to a pair
that is supported by your server.

Does the plugin force OTP use by all users?

No, unless you set the “Profile from which OTP is mandatory” setting, in which case users with this permission or above will need an OTP
to login. If you enable this feature it is critical that all users on your site who hold this permission profile or above have already setup
OTP in their profile, otherwise they will be locked out of the site! All other users will only require an OTP if they set one up in their
user profile.

What is the “Allow XML-RPC login below profile” setting for?

When a user enables OTP in their profile, they will be unable to login to WordPress using the XML-RPC API (most commonly known as the method
by which the WordPress smartphone app accesses WordPress sites). If you enable this setting, users below this permission level will be allowed to
login via XML-RPC (the WordPress app) without use of an OTP (the app does not support use of OTP or supplemental login fields).

I enabled OTP on my profile and now I’m locked out of the site, can I get back in?

Of course; just rename the yubikey plugin directory in wp-content/plugins/ and the plugin will automatically be disbaled. With the plugin disabled
you will be able to login with just your plain username and password.