Nowadays, biometric logins are everywhere. You might be using it and don’t even know it!
That’s why today, we’re going to talk about their importance and how to add a Biometric login to your WordPress website.
What is a Biometric Login?
Biometrics logins allow admins and end users to login using their physical attributes to authenticate their identity. Normally you use your fingerprints, face, voice or even your iris.
For a while, this sort of technology was used only by business people but Apple and their Touch ID module brought it to the masses in 2013.
Now you’re probably super familiar with unlocking your mobile phone with fingerprint recognition. However, mobiles aren’t the only place a biometric login can be found. For example, airport security sometimes also uses iris recognition.
And, on the online world, biometrics allow you to easily log in on an app or a WordPress site too.
Some systems even use multimodal biometric authentication. This approach makes it even harder for hackers to do their thing.
How?
They combine physical and behavioral biometrics.
When we talk about biometrics, we normally refer to physical biometrics, but there’re also behavioral biometrics that focus on uniquely identifying and measurable patterns in human activities. These patterns can involve mouse use characteristics, voice ID or typing shortcuts habits. Yes, for real!
So, the multimodal authentication will, for example, require facial recognition and a video of the person saying their password. That way, even if a hacker has your fingerprint or face information, they can’t bypass the system.
Why use a Biometric Login
Okay, sure but is it worth it for you to add a biometric login to your site?
Well, security on your website is one of the most crucial aspects it can have (if not THE one). And according to iThemes Security Pro, on average, 30,000 websites are hacked every day!
WordPress, in particular, offers different ways users can have secure logins: two-factor apps, password managers and password requirements.
However, all of these options can end up being a bit inconvenient. That’s where biometric login comes in.
Here are some of its advantages:
They are virtually impossible to leak
Since they aren’t stored on a server, it’s practically impossible that someone leaks or steals your biometrics.
Passwords are very easy to hack, sometimes you just need the person’s birthday or typing a very basic and popular combination of characters. Passwords are also usually auto-filled on your browser or written on a sticky note.
However, your biometrics are yours and yours only.
They are more convenient
You don’t need to remember complex passwords or change them every five months. You just look into the camera or place your finger on a spot and it’s done.
They reduce user abandonment rates
Since biometric logins are as seamless as possible, the number of user abandonment decreases. More than once I have decided to not sign up to something to avoid more passwords!
How to Add Biometric Login to Your WordPress Website
Using iThemes Security Pro
iThemes Security Pro has the first WordPress security plugin to bring the Biometric login system to WordPress and it’s also its primary login method. Their plugin offers more than 50 ways to secure and protect your website from common security vulnerabilities.
At iThemes, they call their Biometric passwords “passkeys”. These Passkeys are supported by all major browsers, including Chrome, Firefox and Safari. They make it possible for users to login from their mobiles using FaceID, Touch ID and Windows Hello.
With Passkeys, you can even login to your site using a computer you don’t own or that you’re not being logged into iCloud with.
You’ll find an iPhone / Android device option and you’ll simply have to point your camera at the QR code being displayed and click the option on screen to use your passkey.
Requirements for using the plugin: you’ll need to be running PHP version 7.3+ and iThemes Security Pro (v 7.2).
I recommend you check their available documentation for using Passkeys on Windows, Macs or mobile devices. You can also contact them for support. They try to respond within 24 hours during normal business hours.
Finally, iThemes Security also offers a free plugin, however this doesn’t include a real-time WordPress security dashboard nor the magic links and password-less login features.
Pricing
All of the plans come with a 30-day money-back guarantee.
- Basic: $80 the first year. Secure one site.
- Plus: $127 the first year. Secure 10 sites.
- Agency: $129 the first year. Secure unlimited sites.
- Plugin Suite: $499 the first year. Includes iThemes Security Pro Agency, BackupBuddy Agency and Restrict Content Pro Professional with 34 Pro Add-ons.
After the one-year mark, iThemes Security Pro is still yours to use and keep, but they recommend renewing your iThemes Security Pro subscription to have continued access to updates and new features that are designed for the latest security trends and threats.
iThemes also has a thorough documentation for you to get started with their Biometric login feature.
Defender Security
Defender is a WordPress security plugin that has both a free and a premium version. It has a list of one-click hardening techniques and it has recently added new web authentication methods.
Among them, the ability to verify the authenticity of a user login by way of biometrics that use WebAuthn protocol from FIDO. Users can now log in using facial or fingerprint recognition.
Moreover, Defender also has an electronic security key. This key can work through Bluetooth, NFC or USB.
The plugin supports 13 languages including Catalan, Ukranian and Turkish!
And as said before, you can get all these for free but if you want access to their Audit Logging and Blocklist Monitor features, you’ll have to go with Defender Pro. It costs $7.5 per month and includes a 7 day free trial.
Biometric Login for WooCommerce
If you have WooCommerce, you can use their plugin developed by FmeAddons and backed by WebAuthn technology that supports advanced network authentication.
This plugin allows you to restrict biometric logins to certain users if you wish so.
You can customize the text of different buttons to create more clarity where they can view the time and date of registration. Users can also delete any unauthorized biometric registrations and create new ones.
It’s currently on sale and costs only $17.40 the first year. They offer a 30-day money-back guarantee if you are unhappy with the plugin.
Biometric Login for WooCommerce is only available in English. They are open to feature requests.
FIDO-certified Passwordless biometric login
LoginID is an identity and authentication platform that offers different multi factor authentication solutions. The company was founded in 2019 and it’s part of the FIDO (Fast IDentity Online) Alliance, an open industry association aimed to develop and promote authentication standards that rely less on passwords.
LoginID guarantees security across all digital channels: web, mobile, tablet and they have a WordPress plugin.
This open-source plugin integrates multi-factor authentication into your site. Their service is aligned with PSD2, GDPR, CCPA and HIPPA.
The plugin is available for free and supports three languages: English, Czech and Norwegian. If you need help, they offer support on their website and they also have documentation and an interactive tutorial.
The debate
New technology comes with security, private and ethical concerns surrounding it.
For example, since many biometric systems have been trained primarily using white or white male photos, some recognition systems don’t recognize people of color or non-cisgender people as easily. The marginalization of minorities has been an evergreen subject regarding new technology advances.
On the other hand, as to privacy, businesses store biometric data and they have to make sure they do it really well. If there’s an accident or hackers leak the data, it can be quite a problem, since you can’t reset your fingerprint like you would with a password.
In fact, back in 2013 when Apple released Touch ID, a German hacker association called Chaos Computer Club bypassed its security. They later said on their website: “It is plain stupid to use something that you can´t change and that you leave everywhere every day as a security token”.
Of course, that statement can sound a bit like it was taken out of a crime movie where someone rips another person’s eye to enter some secret governmental area. The risk in everyday life is, again, debatable.
Final words
Adding Biometric login to your WordPress site is essential for your own security and your user’s peace of mind. Nowadays, as you could see, it’s super easy to offer users to authenticate their identity using their fingerprints or their face.
Here, we listed the best plugins to do so.
We hope that this post helped you get a sense of where to start!
Have you tried Biometric Login before?
Tell us in the comments!
Leave a Reply