Rescue Code Now Available in WP Google Authenticator
WP Google Authenticator has just been updated to version 1.0.4. This new version only brings one change few changes, but it's a pretty big one.
Account Recovery
There was one feature missing to the plugin until now: a way for users to log in their site even if they can't access the Google Authenticator app. If you just changed your phone for instance: you re-install the app, but you don't have all your profiles anymore. You're locked out of your site.
With the new recovery feature, when you activate 2FA for your account, a recovery code is automatically generated.
After you generated the recovery code, it will appear in your profile for 5 minutes. After that delay, you can always see your recovery code, but you will need to enter your WordPress account password before you can see it.
Now, if you have to use this code in a situation where you can't use the Authenticator app, you will be logged in just as usual, but 2FA will be disabled for your account.
Next step is to go to your profile page and re-enable 2-factor authentication. You will setup the new account on your phone, and you're good to go.
New Filters
Version 1.0.4 introduces 3 filters that might be useful for advanced users of the plugin:
wpga_secret_key_length: allows you to change the secret key length. Default is set to 16.wpga_code_length: alows you to change the length of the TOTP. Default is set to 6.wpga_recovery_code_length: allows you to change the recovery code length. Default is set to 24.