In the Feature Spotlight posts, we are going to highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Today we are going to cover Passwordless Logins, a new way to verify a user’s identity without requiring a password to login.
What are Passwordless Logins?
Passwordless login is a new way to verify a user’s identity without actually requiring a password to login. We took the idea of the Magic Links and evolved it into a new login method that allows you to require users to use strong passwords and two-factor authentication without ever entering a password or an extra authentication code.
Why Use Passwordless Logins?
By definition, every security measure is designed to decrease the convenience of whatever is receiving the added security. For added security, the front door of my house has a lock on it. The lock requires the extra step of using a key to unlock the door before it opens. Adding the extra step to enter my home is probably a good idea even though it would be easier without a lock.
The same goes for your online accounts. Using a strong, unique password and two-factor authentication will protect you from 100% of brute force attacks. Unfortunately, there are still many people reusing their same weak password and not using any form of two-factor.
Those of us in the security community often have a hard time understanding why it was so hard to convince people to sacrifice a little convenience to gain a huge amount of security. We don’t even think about having a unique lock for each physical door we enter–I have a key for my car, wife’s car, house, office, and mailbox–so, why does using a unique password on our virtual door seems so inconvenient?
Why We Developed Passwordless Logins for WordPress
We in the security community have started to realize that we have always made security more confusing than it needs to be. Once you have a key for a physical door, you are done. However, with password security, we have made a bunch of rules that can be overwhelming. To make matters worse, it doesn’t seem like we can agree on what the rules for creating a strong password should be.
Whether we in the security community want to admit it or not, using a password manager and two-factor authentication can be a pain and time-consuming, especially as we move more and more of our lives online.
So we wanted to create a way for people to get all of the security that a strong and unique password provides without sacrificing the usability.
3 Reasons to Use Passwordless Logins
For all these reasons and more, Passwordless Logins make securing your WordPress site even easier.
- Adds more brute force protection by bypassing the normal WordPress login method.
- Allows users to login to your website directly from a link sent securely to their email address.
- Helps reduce login friction by removing the need for complicated passwords or two-factor codes while maintaining a high level of security.
How to Use Passwordless Logins
To get started using Passwordless Logins, navigate to the security settings’ Features menu and enable the Passwordless Login.
After enabling Passwordless Login click the cogwheel to manage the settings.
Click the User Groups links to select which users can use the login method and bypass two-factor when using the method.
Now that you have enabled Passwordless Logins, you can enforce strong passwords and two-factor requirements without negatively impacting the experience for the users on your site.
How the Passwordless Login Method Works
When logging in you will be asked to choose a login method. Click the Email Magic Link button to send the email containing the passwordless login link.
You will now see a message confirming the email has been sent.
In your email inbox, open the Magic Link email and the Login Now button.
And that is it, no entering of a password or two-factor token. This means that once you enable Passowordless Login, you don’t have to know your complicated password or copy and paste an extra code to login. However, those bad guys trying to brute force your site will have a 0% success rate.
Wrapping Up: Get iThemes Security Pro Today!
As you can see, Passwordless Logins in iThemes Security Pro can add a strong layer of security to your site without any added inconvenience.