With hackers getting increasingly tech-savvy, business owners are finding it hard to keep up and come up with ways to keep their website safe and secure. One of the easiest ways for a hacker to gain access is by cracking user passwords. Instead of trying to force users to apply stronger passwords, it is now possible to simply avoid passwords completely.
Thanks to biometric passkeys, you can have your customers and subscribers access your WordPress website without specifying a password.
Table of Contents
What are passkeys?
Passkeys are a digital way of signing in, using biometrics via Touch Id, Face Id or Windows’ Hello, eliminating the need for passwords altogether. Google, Microsoft and Apple have all unanimously come together to support the use of passkeys for authentication.
What are the benefits of using passkeys?
Unlike passwords, passkeys are hard to crack. A hacker would first need access to your physical device. Presuming your device was stolen, it would still be useless without your PIN or biometrics.
Another advantage is that even if a website’s server gets hacked, a hacker would not be able to get your password, simply because it is never stored there.
While enforcing strong passwords or using two-factor authentication can also protect your website to a certain degree, it can get very annoying for a user. Passkeys offer a simple, friction-free way of logging in securely.
Do passkeys violate user privacy?
Your biometrics or your passkeys are never ever shared with the website or with the application, guaranteeing full privacy. Passwords on the other hand are usually saved by the website or app in their database, making them more vulnerable to attacks.
With passkeys, the user’s biometric information is never revealed to the website or the app
Google’s Guide to Passkeys
WordPress Plugins for Biometric Login and Passkeys
If you have been wondering how to bring all the goodness of passkeys and biometric logins to your own WordPress website, the easiest way to do that is to use a reliable security plugin that already has all of this built in.
Listed below are a few free and paid WordPress security plugins that allow you to use biometric passkeys.
iThemes Security Pro
This popular WordPress security plugin was updated with support for passkeys with biometric logins recently (September, 2022). The free version of this plugin has over 1 million active installs and is regularly updated and maintained by the iThemes team.
Features
Besides biometrics passkeys, iThemes Security Pro also serves as a complete solution for your website’s security, with features such as these –
- Allows you to block specific IP addresses or users from accessing your website
- Alerts you to file changes so that you can monitor unauthorised changes
- Gives you the ability to set login attempt limits (to protect brute force attacks)
- Enables you to enforce strong passwords that are not easily compromised
- Allows you to set up two-factor Authentication for logins
- Helps you to ward off malicious bots using reCAPTCHA
How to setup BioMetric Passkeys using iThemes Security Pro
In order to set up passkeys for your website, you will need to follow these steps.
1. Install and activate iThemes Security Pro plugin
2. From your WordPress Dashboard, navigate to the plugin’s setting via
Security > Settings > Features > Login Security
On this tab, click on ‘Passkeys’ to enable it.
3. Now, navigate to Security > Settings > Configure > Login Security > Passwordless Login to enable it via the checkbox.
4. Remember to click ‘Save‘ to save your settings.
5. You can now edit a user’s profile to enable login via passkeys for the user.
Pricing
The iThemes Security Pro plugin offers you a choice of 3 different pricing plans based on the number of sites you would like to use it on. They have a 30-day refund policy too, so you can request a refund in case this doesn’t work for you for some reason.
Alternatives to iThemes Security Pro
There are a few other alternatives to iThemes Security Pro, that allow you to set up passkeys for your website. These solutions are not as comprehensive as iThemes’ plugin though.
Passwordless WP
Released in October 2020, this free WordPress plugin that supports biometric logins, has not been updated ever since. It had a promising start, but since it doesn’t seem to be maintained any longer, this login plugin is not recommended.
WP-WebAuthn by Axton
With a little over 600 active installs, this is a free plugin that supports logins using Touch ID or Face ID. It is actively supported via the WP org Forum as well.
In Conclusion
As a website owner, you really should do everything you can and more to protect your website from hackers. A ready-to-use WordPress security plugin like iThemes’ Security Pro makes it really easy to keep your website safe.
Photo Credits :
- Featured Image by Mohamed Hassan from Pixabay
- iThemes Plugin Screenshot by iThemes
2 thoughts on “How to keep your WordPress Website Secure with Biometric Passkeys”