We love secure convenience. Though a small problem to have, sometimes logging into your WordPress dashboard can slow down your workflow. In addition, it is believed passwordless login is more secure than the traditional login method.
Luckily, there are plugins that will allow you to login securely without typing out your password. Similar to other quick logins, you can add an instant WordPress login method, like a fingerprint or face id, to your website with the Passwordless WP or WP-WebAuthn plugins.
Though both plugins are fairly new and user adoption is slowly increasing, if you need a fast, secure way to login to your website, these free instant WordPress login solutions may a great addition to your site.
Continue reading to learn more about:
Enjoy fast, secure hosting optimized for your WordPress site with our WordPress Hosting plans.
What is Web Authentication API (WebAuthn)?
Web Authentication API, or WebAuthn, is a new method of authenticating yourself online. Written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others, the API allows servers to register and authenticate users using public-key cryptography instead of a password. Through this technology, the hope is to decrease the 81% of hack-related attacks leveraging stolen or weak passwords.
By using the strong authenticators now built into devices, WebAuthn creates a private/public keypair for your website. The private key is stored securely on your device while a public key and generated credential ID is sent to the server for storage. When needed, the server can use the public key to prove your identity.
With WebAuthn, no is password needed. After performing a simple, secure verification, you’re logged in and ready to continue your tasks!
Both plugins utilize WebAuthn technology.
Using the power of WebAuthn, the Passwordless WP plugin grants you an instant WordPress login through fingerprint, touch id, or glance if support by your browser and/or device. Currently, the plugin is supported in Google Chrome, Mozilla Firefox, Microsoft Edge, Safari web browsers on iOS 14, BigSur, Windows 10, and Android platforms.
Passwordless WP requires HTTPS and SSL secure connection or a localhost/127.0.0.1 environment.
Let’s take a quick look at the plugin, once installed and activated, you can start the setup process by click on the Add Credentials link under Passwordless WP on the Plugins > Installed Plugins page. You can also begin the setup process by navigating to User > Profile, scrolling down to Passwordless Login Credentials, then clicking Register New Token.
You’ll be redirected to a setup screen which will inform you if your device and/or browser supports the plugin. If it shows you are not using a device or browser that supports the plugin, refer to the plugin website for more information and possible next steps, or continue to WP-WebAuthn below.
If your browser and/or device does support the plugin, you will be taken through a series of prompts to obtain your user token and setup your instant WordPress login. Once complete, you should be able to login via the method you chose during setup. It’s that simple! Of note, each user will need to register a token and complete the setup process if they want to use Passwordless Login.
At the time of this review, this plugin, version 1.1.6, was tested up to WordPress 5.5 and is updated every 1-3 months.
Similar to Passwordless Login, WP-WebAuthn uses WebAuthn to grant you easy, secure access to your WordPress website. Unlike the prior plugin, however, WP-WebAuthn provides four shortcodes that allow you to add the technology to registration forms and frontend login pages as well.
Before jumping into the plugin, the developer encourages you to first read the documentation so you fully understand how the plugin works. Then, once the plugin is installed and activated, navigate to Settings > WP-WebAuthn to enable your instant WordPress login method. You can also begin your token registration from the settings page as well.
Of note, WP-WebAuthn doesn’t totally disable your traditional login. Instead, it simply uses WebAuthn as your default method unless you’re using a browser or device that does not support WP-WebAuthn. If that happens, you will be presented with the traditional login method.
Once complete, you can verify your new login settings by clicking Verify at the bottom of the page. Also, similar to Passwordless, all users must register a token in order to enable the instant login feature.
At the time of this review, this plugin, version 1.1.0, was tested up to WordPress 5.5and is updated every 1-3 months.
For more WordPress tips and tricks, check out our WordPress Education Channel!