LaunchKey eliminates the need and liability of passwords by letting you log in and out of WordPress with your smartphone or tablet.
With LaunchKey, you can remove the risk and hassle of passwords in WordPress with a login alternative that’s more secure, more capable, and easier to use than traditional passwords and 2FA tokens.
- Log in to WordPress without passwords. (user’s opt-in individually)
- Remotely log out of WordPress.
- More authentication options. (e.g. biometrics, geofencing, etc.)
- Hide the password field in the WP login form.
- Remove passwords from WordPress database to prevent possible theft, brute force, database injection, phishing, and other attack vectors.
- Setup security policies controlling who can log in, what level of authentication they must utilize, etc.
- Don’t want to use the LaunchKey-branded mobile app? Use LaunchKey White Label to leverage your own mobile app(s).
How does it work?
Instead of logging in to WordPress with a username and password, WordPress will simply push a login request to a user’s mobile device via the free LaunchKey mobile app (available on iOS, Android, and Windows Phone). Once a request is received, a user can authorize the login request inside the LaunchKey mobile app by authenticating with the security factors they’ve chosen to use, while fraudulent or accidental login requests can be easily denied.
What types of authentication is supported?
LaunchKey makes it easy for users to employ true multi-factor authentication (MFA) through a variety of strong authentication options on their smartphone or mobile device. Authentication options include active and passive security factors such as biometric fingerprint scan, geofencing (i.e. restricting authorization to one or more geographic locations), facial recognition, Bluetooth device factors (i.e. ensuring a Bluetooth device is within range before allowing authorization to proceed), as well as PIN codes, pattern codes, and more.
What happens if a device is lost or stolen?
Lost or stolen devices can easily be remotely unpaired, rendering the mobile device useless as an authenticator. Remote unpairing is available through a simple online form or through another paired mobile device via the LaunchKey mobile app.
How do I know the LaunchKey service is secure?
In addition to regular security audits performed by 3rd party security researchers, LaunchKey is architected in such a manner that makes it impossible for a LaunchKey representative or anyone else to authenticate on behalf of an end user or modify a user’s response. This is possible because of LaunchKey’s unique cryptographic architecture. In fact, the LaunchKey service is 100% anonymous. All sensitive authentication data is stored locally on the user’s mobile device in secure storage and it’s inaccessible to the LaunchKey service as well as the application leveraging LaunchKey’s authentication platform (in this case, WordPress).
Where can I find out more information on LaunchKey?
LaunchKey can work with any online application. For more information, visit launchkey.com.
Where can I find more information on how to use the LaunchKey mobile app?
View the LaunchKey mobile user guide here.