WebAuthn – Passwordless login using Fingerprint, FaceID, Touch ID, Yubikey

Descrição

Meet the new global standard of web authentication (WebAuthn). WebAuthn is a core component of FIDO2 Alliance which includes protocols that are based on public key cryptography and are strongly resistant to phishing (to varying degrees).
WebAuthn is a browser-based API by FIDO2 that allows web applications to simplify and secure user authentication by using their registered devices (android phones/ iphones, laptops, etc.) as factors. WebAuthn uses public key cryptography by FIDO2 to protect users from advanced phishing attacks. With WebAuthn’s Passwordless login using Fingerprint, FaceID, Touch ID plugin, you can allow your users to login to your website by just entering their device credentials (Fingerprint, windows hello, face ID, touch ID, etc).

WebAuthn increases the security of your website by providing an additional layer of security and it also enhances the user experience of your website. Webauthn protects your website from many common attacks like phishing, brute force protection, man in the middle attack, malwares, etc.

WebAuthn requires HTTPS connection or localhost for secure authentication

Passwordless login with webauthn

FIDO2/WebAuthn implements the concept of passwordless authentication. The users will enter their username and if their device/keys are configured with WebAuthn then they need to verify it for successful login. If the device is not registered for WebAuthn, then users need to enter their password and then they can configure the WebAuthn. This will make the user experience better by removing the password. It will also increase the security as webauthn is based on public key cryptography authentication and it allows the user to login only if the user is authenticated from the trusted device.

WebAuthn as the [second factor](https://plugins.miniorange.com/2-factor-authentication-for-wordpress)

WebAuthn is also used as the second factor to add an extra layer of security on your website. In this case the users will enter their username and password to verify their first factor and after that they will be prompted with the WebAuthn for verification of the second layer of security. This will protect your website even if the users’ passwords are compromised, because to verify the identity of any user you need to confirm the web authentication with their device.

Usernameless login with WebAuthn*

WebAuthn also allows you to provide an option where users can login to your website without entering their username and password. The user will be automatically picked at login via WebAuthn.

As most of the users do not want to maintain too many credentials so in that case you can allow your users to use their device as the credentials and if the device is verified they will be logged into the site.

Device limitation*

The WebAuthn plugin provides an option where you can put a limit on the number of devices a user can register with WebAuthn. This will be helpful when you want only a particular device to login to the website.
This will allow you to restrict the number of devices a user can use to access your website.

Role based WebAuthn*

With this you can allow WebAuthn to specific user roles. The users who have been allowed to use WebAuthn can login with WebAuthn and others will use their usual wordpress login credentials for access, without getting prompted for the WebAuthn.

User-specific WebAuthn

With this you can select the specific users who can login using WebAuthn to your website. Other users have to use their WordPress credentials to login.

• supported in the Premium version