WordPress Security

New! Passkeys with Biometric Logins for WordPress are Here in iThemes Security Pro

The easiest and most secure way to log in to your WordPress site is here! iThemes Security Pro just added biometric logins (like Face ID, Touch ID, and Windows Hello) and passkey technology supported by all major browsers, including Chrome, Firefox, and Safari, to use with your WordPress login. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.

Avatar photo
SolidWP Editorial Team

The easiest and most secure way to log in to your WordPress site is here! iThemes Security Pro just added biometric logins (like Face ID, Touch ID, and Windows Hello) and passkey technology supported by all major browsers, including Chrome, Firefox, and Safari, to use with your WordPress login. Now, website admins and end users can have secure logins without the inconvenience of additional two-factor apps, password managers, or complex password requirements.

Powered by the WebAuthn protocol, these login methods provide an innovative passwordless login experience that is the future for securing sensitive information online, including logging in to any WordPress site. As the future of logins for all sites and apps, iThemes Security is the first to bring it to WordPress as the primary login method.

So, let’s take a closer look at how passkeys work in iThemes Security Pro.

To take advantage of this update, you’ll need to be running PHP version 7.3+ and iThemes Security Pro (v 7.2). Current iThemes Security Pro, Essentials Bundle, Plugin Suite, and Toolkit customers will find the 7.2 version update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

What are Passkeys?

Introducing passkeys, the easiest and most secure way to log in to your WordPress site. With Passkeys, you get the most secure login technology available today without the inconvenience of two-factor apps, password managers, or complex password requirements.

Passkeys provide an innovative passwordless login experience that is the future of logins for all sites and apps. And iThemes Security Pro is the first WordPress security plugin to bring it to WordPress as the primary login method.

Powered by the WebAuthn standard, passkeys include biometric login methods (like Apple’s Face ID, Touch ID, or Windows Hello), and are supported by all major browsers, including Chrome, Firefox, and Safari. Major tech companies like Google, Apple, and Microsoft all back the WebAuthn standard to make passkeys the future of secure logins across the web.

Why Use Passkeys? 5 Reasons

You may be wondering why you should consider using passkeys instead of strong passwords or even two-factor authentication. Let’s dive into why passkeys are a superior user security method.

1. Passkeys Solve the Problem of Stolen or Leaked Passwords

For starters, passkeys solve the problem of stolen or leaked passwords. The reality is that 81% of all hacking-related breaches leverage passwords that have been compromised. [pullquote]Passkeys make it virtually impossible to have your password leaked or stolen because your passwords aren’t stored on a server that can be compromised.[/pullquote]

In addition, your personal data doesn’t leave your device. The site you’re logging into doesn’t get a copy of your fingerprint or face. Instead, a secure credential called a private-public keypair is created to form a strong authentication method that’s virtually impossible to hack.

2. Passkeys Protect You (And Your Site’s Users) From Phishing Attempts

Second, passkeys protect you from phishing. Hackers often use very sophisticated techniques to to try to trick you into giving away your password, like building convincing emails and websites to impersonate real services you use. Passkeys are phishing-resistant since built-in authentication methods won’t let you be tricked into giving away your password.

3. Passkeys are Simply Easy to Use

Third, passkeys are simply easy to use. We all know how extra security measures usually mean inconvenience. Using strong passwords, two-factor apps, or verification emails causes friction when logging in. Passkeys allow you to quickly log in with one click using your face or your fingerprint, instead of having to deal with long passwords, extra emails, or two-factor codes.

4. Passkeys Make Mobile Logins Easy

Use your passkey to login with Face ID, Touch ID, or Windows Hello from your mobile device. You’re likely already using this technology for many other apps and sites. With iThemes Security Pro, now you can use these to login to WordPress!

You’ll also be able to offer this login method to your users, removing friction and improving their security experience. With your mobile device, you can use:

  • Face ID
  • Touch ID
  • Windows Hello

5. Passkeys Provide the Most Secure Login Method Available for WordPress

Finally, passkeys are the best way to provide the most secure login method available for your WordPress site. Both website admins and end users, like customers, can start using passkeys to log in to any WordPress site running iThemes Security Pro.

How Do Passkeys Work with WordPress Logins?

With no passwords, no two-factor codes, and no emails, now you can log in to your WordPress site with one click.

Here are a few quick demo videos of how passkeys look when logging in:

From Your Desktop

Here’s a look at how easy it is to log in with passkeys from your desktop.

From Your iPhone

Passkeys make mobile logins a breeze by using your device’s built-in authentication technology, including Face ID and Touch ID.

Simply log in using your passkey to activate your mobile device’s Face ID or Touch ID, and iThemes Security Pro will log you into WordPress in a matter of seconds.

No more using a password, pulling open a separate email for a confirmation code, or opening a separate two-factor app.

From Your Yubikey or Android Device

Finally, you can even use passkeys to securely register your mobile device or even your Yubikey to log in to WordPress from your desktop. It’s that easy.

Getting Started with Passkeys in iThemes Security Pro

To get started with passkeys in iThemes Security Pro, you’ll need the following:

  • iThemes Security Pro (v 7.2)
  • PHP 7.3+
  • If you are on a Mac, please ensure your computer has either Apple Silicon or the T1/T2 chip. For more information on Mac devices, please click here.  

To set up Passkeys on your site, you will need to enable the feature on the Security > Settings > Features > Login Security screen.

Next, you will navigate to the Security > Settings > Configure > Login Security > Passwordless Login screen. Click the Passkeys checkbox so it is marked with a checkmark and then click the “Save” button. 

Once you have enabled Passkeys, you can go to your WordPress Admin Menu > Users > Profile. Scroll down to Passwordless Login, enable the passwordless login feature for the user, and click the “Setup Passkeys” button. 

Using Multi-Platform / Browser / QR Code

What if you want to log in to your WordPress site using a passkey but you are using a computer you don’t own or that you aren’t logged into iCloud with? You can log into the site using the QR code method and your registered mobile device. This feature uses the passkey saved to your device / iCloud to allow you to gain access on from any device.

On the device you are logging into, look for the iPhone / Android device option. Select it and click the “Continue” button.

Then, point your camera at the QR code that’s displayed, and click the option to use your passkey.

IMG_6003.jpeg

This will set up a mechanism for the computer and your mobile device to securely communicate with each other. After approving the login on your phone, you’ll be signed in automatically on your desktop. The desktop computer does not get its own passkey. Your passkey stays on the device that you used to authenticate. If you are using a new windows computer that you purchased, you would probably want to register a new passkey for that device after signing in for the first time via your iPhone.

More Instructions for Setting Up Passkeys

We have comprehensive documentation available over in the iThemes Help Desk for:

Get iThemes Security Pro Today with Passkeys!

iThemes Security Pro, our WordPress security plugin, offers 50+ ways to secure and protect your website from common WordPress security vulnerabilities. As the first WordPress security plugin to bring passkeys to WordPress as the primary login method, you’ll also get these extra layers of security for your website.

To take advantage of this update, you’ll need to be running PHP version 7.3+ and iThemes Security Pro (v 7.2). Current iThemes Security Pro, Essentials Bundle, Plugin Suite, and Toolkit customers will find the 7.2 version update available now as an automatic update from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

Solid Security is part of Solid Suite — The best foundation for WordPress websites.

Every WordPress site needs security, backups, and management tools. That’s Solid Suite — an integrated bundle of three plugins: Solid Security, Solid Backups, and Solid Central. You also get access to Solid Academy’s learning resources for WordPress professionals. Build your next WordPress website on a solid foundation with Solid Suite!

Get Solid Security

Did you like this article? Spread the word: