LaunchKey Plugin Adds Biometric Authentication to WordPress

launchkey-facial-scanWe’ve entered the future, folks. With the help of the LaunchKey plugin, you can now log into your WordPress site using your phone’s biometric facial and fingerprint scanning capabilities.

The LaunchKey mobile authentication platform has been pioneering multi-factor authentication for WordPress sites via its official plugin since 2013. The plugin has received glowing five-star reviews from users who enjoy logging in without a password. It is the first plugin to protect your site with biometric face and fingerprint scanning.

LaunchKey CEO and Co-Founder Geoff Sanders said the platform currently supports all devices that support biometric facial scanning and a limited number of devices for the fingerprint scan.

Our support for fingerprint scan is currently limited to the devices that gives us access to their fingerprint scanner, which at this time is only the Samsung Galaxy S5. As more devices with fingerprint scan become available, we’ll add support, including iOS devices with the release of iOS 8.

If you’ve ever enabled the fingerprint scan for unlocking your device, the WordPress authentication works in a similar way, except you will be scanning your finger to authorize an authentication request. “Since this functionality piggy backs off of the device fingerprint scan, there is no initial pairing or registration process,” Sanders said. “It simply needs to be enabled through the control panel.”

launchkey-wordpress-authentication-tablet-phone

How to Set Up Biometric Authentication for WordPress

If you want to set up biometric authentication for your WordPress site, you’ll need to download the LaunchKey mobile app in the Apple App Store or Google Play, pair a device, and enable the face scan through the control panel.

“During initial setup, you will be prompted to take 10 pictures of your face to map the dimensions and depths of your unique facial features,” Sanders explained. “From this point forward (until you disable it), you will be prompted with a facial scan to authorize authentication and login requests that come through LaunchKey Mobile.”

Biometric Security

Worried about having your biometric data stored by a third party? LaunchKey is totally anonymous and maintains your privacy. “All biometric data collected for these new authentication factors is encrypted and stored locally on the device and not on LaunchKey servers,” Sanders emphasized. “This also applies to all other authentication factor data used with LaunchKey such as geographic coordinates (used for geofencing), PIN codes, combinations, etc. LaunchKey is an anonymous service, and we don’t even have the ability to authenticate on behalf of our users.”

LaunchKey Prioritizes WordPress Integration

While the LaunchKey platform offers integration for both Drupal and Magento, as well as 16 web and mobile SDKs, protocol integrations (OAuth, OpenID, SSH), WordPress has emerged as a major priority.

“WordPress integration is a priority for LaunchKey because not only does it power over 20% of the internet, it’s vulnerable to the same password vulnerabilities inherent to any password-based system, and that’s exactly what LaunchKey was created to address,” Sanders told the Tavern.

The LaunchKey WordPress plugin has only been downloaded around 2,400 times, but users seem very satisfied with it. “We’ve stayed fairly quiet to date as we’ve really been more in R&D mode, but staying ‘stealth’ wasn’t something we wanted to do,” Sanders said.

“We wanted to test our technology out in the real world. As with anyone that uses LaunchKey, the WordPress owners who use our plugin immediately love that we’ve removed the hassle of passwords from their login flow which vastly improves their user experience of WordPress. Counterintuitively, LaunchKey’s friendlier user experience offers more security than password-based authentication, even at its most basic use with no other factors of authentication enabled.”

Even if LaunchKey provides a simpler way to authenticate, the challenge is getting WordPress users to see the value of the added security. Many users are familiar with WordPress.com’s Two Step Authentication, which utilizes the Google Authenticator app, and other two-factor authentication plugins for self-hosted sites. But Sanders explains how these methods are different from LaunchKey:

Google Authenticator is simply an interface for the open protocol knows as one time passwords (tOTP) which are the tokens used in the traditional 2-step authentication flow used on top of passwords. LaunchKey offers our own OTP authenticator inside our mobile app which provides the same functionality. (Our OTP authenticator actually offers more protection than Google Authenticator due to the numerous optional auth factors we can protect the app itself with such as geofencing, PIN or combo lock, etc.)

LaunchKey was designed to be a full authentication platform that replaces passwords entirely. The platform also allows you to end sessions remotely, require use of specific auth factors, or even restrict logins to specific geographical zones or timeframes.

If you’re tired of passwords and want the added protection of authenticating with your face or your fingerprint, check out the LaunchKey website for more information. The app is free and its corresponding plugin is available on WordPress.org.

Who is Sarah Gooding


Sarah Gooding is an Editorial Ninja at Audrey Capital. When not writing about WordPress, she enjoys baking, knitting, judging beer competitions and spending time with her Italian Greyhound.

There is one comment

Comments are closed.