New to the community? Start here

[Defender Pro] Passwordless Login

6

Would be cool to have the option to add passwordless login to any website.
Right now I am using the great tool from

https://handyplugins.co/magic-login-pro

But it would be really handsome to have it built in Defender.

Maybe passwordless login would even be great for the hub too – as an alternative to 2FA.

Love your wokr and cant wait to see the new features that are coming to the client hub soon :-)

Cheers, Matthias Loeffel

Thu, 12 May 2022 12:01:37
More Defender Pro discussions
Defender Pro
  • Adam
    • Support Gorilla

    Hi Matthias

    I hope you’re well today!

    I wasn’t familiar with the plugin that you mentioned so I’ve checked their feature description and docs and I’m not quite sure if this is really a security related – it seems to be more of a feature to “simplify” access in some cases.

    Such passwordless login could be both “simplification” and security improvement but most if it was following FIDO standard which is something that, apparently, Google is working on on their end too (to implement it in foreseeable future).

    I suppose in that form it could indeed be nice improvement – both simplifying access and improving security. Let’s keep this feature suggestion thread open then so other Members of our community could also share their thoughts and feedback and vote for it.

    By the way, I think you may like it to: we are going to add biometric login support to Defender and also support for Yubi Key. I don’t have an ETA but it’s ongoing work and should be added to plugin with one of major updates (most likely not both at once though).

    Best regards,
    Adam

  • taropaa
    • New Recruit

    Adam Czajczyk It’s somewhere in the middle. Passwordless logins do have a layer of security as you could bypass a password altogether. There would be no password field to brute force in the first place, and you’d have to know the email of the user to even attempt something.

    From the user’s perspective, it’s even better since they don’t need to remember passwords. To this day, after more than 15 years working with WordPress, my #1 request is to reset user passwords since they forgot them. This causes them to use weak passwords they can remember (one user had used the user editor password editor, for example).

    While passwordless login isn’t a security feature per se like 2FA or login Captcha, it is something that could make them unnecessary in some instances while also improving the quality of life for users.

    My first thought was also that it would fall under Defender, as it deals with login and security-related functionality and does that quite painlessly.

    I hope the team still considers this feature request.

  • Adam
    • Support Gorilla

    Hi taropaa

    Thanks for response!

    On a side-note: meanwhile we’ve added support for 2FA using biometrics (including hardware keys) and there are also two important options in Defender related to passwords security:

    – “Password Reset” – to force password reset (for all or selected user roles) if you suspect they may be too weak or compromised
    – and “Pwnd Passwords” – which checks the site against leaked passwords and can block/force reset such leaked passwords.

    If it comes to your request, let’s see how it goes. So far since creation of this topic, we had literally no other requests for such functionality so honestly saying – I’m not sure if it will happen. But let’s keep this feature request open and see. Sometimes such ideas gain “second life” at some point and suddenly start to get support/votes from more Members and then they got “back on the table”.

    Best regards,
    Adam

  • ECWebDesigns
    • Site Builder Child of Zeus

    I would be thrilled to see Passwordless Login seamlessly incorporated into the plugin. Currently, I have to resort to using a different solution for this functionality. I’ve observed that my clients appreciate the convenience of not having to remember passwords. I’m hopeful that this feature will be integrated in the near future.

  • UMNZ
    • New Recruit

    I just wanted to chime in and say that Magic Login via Email is a *huge* convenience feature for executives and decision makers who like to occasionally check in on reports from time to time. As others have mentioned it is becoming more popular because it also mitigates spam accounts that use temporary addresses. In some cases for security, I have this set up as an enforced requirement. Combined with Branda (for customising the look of the login screen and emails that are being sent) this would be an ideal addition the premium plugin suite.