For developers, providing security without compromising customer convenience is a delicate balance. Password breaches leading to account takeovers, along with attacks such as business email compromise, social engineering and phishing of all sorts, are running rampant and have been for some time. Criminals and scammers have become extremely skilled at exploiting the inherent weaknesses in traditional systems, which include the "human system" as well. Developers must plan in their product roadmap how they will integrate stronger security while still giving customers convenience and not creating friction in interactions. Customers nowadays are also looking for better and more secure authentication methods, driven by the increasing popularity of biometrics on devices.
There are currently over 35 million websites powered by WordPress. The standard login method for a WordPress-powered website today is a simple username and password combination. More and more businesses are securing their websites with two-factor authentication, or 2FA. Enabling 2FA on accounts is a crucial authentication control and should be implemented across all websites and applications. But not all methods are created equal. Common 2FA approaches consist of a rotating code stored in an authenticator app, or a text message or email carrying a multi-digit code that you enter at the next stage of the verification process. This creates friction for customers.
FIDO can provide that convenience without compromising security.
FIDO (short for Fast ID Online) was launched in 2013 as an open industry association with a mission to promote and develop authentication standards that reduce the world's dependence on passwords. FIDO's strong authentication uses public key cryptography, ensuring interoperability across devices and operating systems. FIDO-compatible devices let users authenticate to websites that support FIDO authentication with their own strong private keys, which stay locked securely on each device, usually through a facial scan or a fingerprint scan.
On a WordPress website, the experience would be:
- A user visits a website that is protected by a FIDO-certified strong authentication plugin
- The user is prompted to register (if not already registered) using FIDO strong authentication, which uses the face scanner or fingerprint scanner on their laptop or mobile device to authenticate the user
- The next time the user accesses the website, they simply enter their email address, are prompted to scan their fingerprint or face, and then gain access to the website
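The registration and login steps above, reduced to the underlying public key challenge-response, as an added example (not code from the LoginID plugin or from this post). It is a simplified model rather than the WebAuthn wire format: `createAuthenticator`, `createRelyingParty` and the `example.test` names are hypothetical, and the device's biometric check is assumed to have already succeeded before `sign` runs.

```javascript
const crypto = require('crypto');

// Device side (hypothetical model): the private key is created on the
// device and never leaves it; only the public key is handed to the website.
function createAuthenticator() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey: publicKey.export({ type: 'spki', format: 'pem' }),
    // Assumption: the face or fingerprint scan has already unlocked the key.
    sign(challenge, origin) {
      const clientData = JSON.stringify(
        { challenge: challenge.toString('base64url'), origin });
      const signature = crypto.sign('sha256', Buffer.from(clientData), privateKey);
      return { clientData, signature };
    },
  };
}

// Website side (hypothetical model): stores public keys only, so a database
// leak exposes nothing that can be replayed as a login secret.
function createRelyingParty(expectedOrigin) {
  const users = new Map();   // email -> public key (PEM)
  const pending = new Map(); // email -> outstanding challenge
  return {
    register(email, publicKeyPem) { users.set(email, publicKeyPem); },
    startLogin(email) {
      const challenge = crypto.randomBytes(32); // fresh per attempt
      pending.set(email, challenge.toString('base64url'));
      return challenge;
    },
    finishLogin(email, { clientData, signature }) {
      const expected = pending.get(email);
      pending.delete(email); // a challenge is single use, which blocks replay
      const pem = users.get(email);
      if (!expected || !pem) return false;
      let data;
      try { data = JSON.parse(clientData); } catch { return false; }
      // The signed data names the origin, so a response produced on a
      // look-alike site does not verify for the real one.
      if (data.challenge !== expected || data.origin !== expectedOrigin) return false;
      return crypto.verify('sha256', Buffer.from(clientData), pem, signature);
    },
  };
}
```

In this model `finishLogin` returns `false` for a replayed response, a response made for a different origin, or a signature from an unregistered key.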
FIDO gives users a convenient way to access their accounts and a much better experience, thereby increasing conversions by over 50%.
Is there a solution already available?
Yes, there is! FIDO is essential, but it can be complex to get working on a WordPress site. A WordPress developer would have to know quite a bit of highly technical code and APIs to make everything work seamlessly. There are also discrepancies between different architectures and browsers.
There is a plug-and-play solution with the LoginID FIDO-certified Passwordless biometric login plugin, which takes care of all the heavy lifting for you. WordPress websites can be up and running with a passwordless experience in under 5 minutes, in just 5 clicks. You can directly download the plugin here, or you can search for the FIDO-certified Passwordless biometric login plugin in the marketplace, download it, and install it automatically thanks to the simple setup wizard.
Make passwords a thing of the past, with FIDO-certified passwordless biometric authentication.