Protect your multiple WordPress websites using web authentication – WebAuthn

WordPress Two Factor Authentication > Pricing Plans >WebAuthn

Across the past few years secure authentication methods have been sought after by users and enterprises alike. Web Authentication is a fairly recent W3C standard backed by major players like Google, Paypal, Mozilla, Microsoft, and Qualcomm. It aims at defining a web-browser API for the creation and use of strong authentication credentials based on public key cryptography.



You can download miniOrange 2-factor plugin using the following link.



The most seamless login experience


What Web Authentication (WebAuthn) aims to do is integrate the authentication method and experience with the already existing authentication setup on the device.


That means, WebAuthn allows you to use the login methods already set up on your device. So using Web Authentication, you would be able to use the fingerprint sensor on your phone, or Windows Hello on your PC, or you could even use your Apple ID to login into any website.

The supported methods include but are not limited to:
  1. Windows Hello
  2. Fingerprint Sensors on both Laptops/Mobiles
  3. Windows PIN
  4. Yubikey
  5. Face Authentication


What is Web Authentication (WebAuthn)?



Web Authentication

Web Authentication is a fairly new specification, created for the new age of the internet and new technologies therein. Giving us the resources and the infrastructure to use various authentication methods.


Unlike its predecessor, WebAuthn should be here to stay. Although the fine points of the spec are complex, Web Authentication has been fairly easy to implement in practice. At the time of writing this, both Chrome and Firefox have the data types necessary for WebAuthn, and Firefox’s Nightly Build is able to create and request credentials. We’ll talk a bit later on about what this new standard could mean for the future of passwords (sorry, they’re probably not going away tomorrow), but first, a bit more about the core components of the WebAuthn API.




Web Authentication vs Conventional Authentication Methods


The big thing that WebAuthn wants to provide is biometric multi-factor authentication based on “Something a user is.” A user (in most cases) has a voice, a fingerprint, or a retina, that is unique to them. Something most users also have nowadays is a biometric device, like a smartphone, that can use this data to create and manage credentials that only the user can access through these unique traits.
To see implementations of WebAUthn in real life, you can go to Github, who natively supports Web Authentication as a login method. For a web demo, you can have a look at the entire implementation here. https://webauthn.io/



Enabling Web Authentication for your WordPress Website


miniOrange currently is the only way to reliably get WebAUthn working on your WordPress website. Using our Two Factor Authentication plugin, you will be able to use Web Authentication as a second factor. miniOrage provides a secure two-factor authentication mechanism plugin for multiple platforms (WordPress, Atlassian, Drupal, Magento & Moodle) which adds an extra layer of security to your company’s databases and website. Through these plugins, you will get access to several authentication methods that can restrict the user’s credentials from being shared with anyone, on purpose, or by accident. When the user enters his/her correct username and password they are prompted with a second-factor authentication page, in order to login successfully. We offer 15+ authentication methods which include OTP over Email, OTP over SMS, hardware token, QR code authentication, Google authenticator etc.



Recap


In this article, we have gone through why you should use Web Authentication (WebAuthn), and WebAUth as an alternative to conventional authentication methods. The best part of the Two Factor Authentication is that it lets you extend your existing authentication solutions to all users, employees, and admins. This allows you to bolster your security in a single swoop. You may be curious about how you or your development team can implement this through code.


Business Trial For Free

If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.