內容簡介
總結:Bye Bye Passwords 在 WordPress 上使用 WebAuthn/Passkeys 技術帶來現代化的無密碼驗證。採用生物特徵、安全鑰匙或平台認證,安全且方便地登入,告別弱密碼。
問題與答案:
1. Bye Bye Passwords 使用什麼技術讓 WordPress 實現無密碼驗證?
- Bye Bye Passwords 使用 WebAuthn/Passkeys 技術實現無密碼驗證。
2. 什麼是 Bye Bye Passwords 的主要功能?
- 主要功能包括無密碼登入、註冊多個裝置、產生緊急訪問一次性備份代碼、消除基於密碼的攻擊、簡易設置不需要技術知識、隱私集中在伺服器上、與 WordPress 整合。
3. 通過 Bye Bye Passwords 是如何登入的?
- 可透過在 WordPress 管理介面中註冊一個通行證並使用裝置的內建認證方式(指紋、臉部辨識、PIN)即可無需輸入密碼即時登入。
4. 使用 Bye Bye Passwords 需要什麼條件?
- 使用 Bye Bye Passwords 需要網站啟用 SSL/HTTPS、現代瀏覽器支援 WebAuthn、PHP 7.2 或更高版本、WordPress 5.0 或更高版本。
5. 這個外掛是否會與外部服務連接?
- 是的,這個外掛可能會連接到 FIDO Alliance Metadata Service (MDS) 以下載認證驗證的根證書。
外掛標籤
開發者團隊
原文外掛簡介
Bye Bye Passwords brings modern passwordless authentication to WordPress using WebAuthn/Passkeys technology. Say goodbye to weak passwords and hello to secure, convenient login with biometrics, security keys, or platform authenticators.
Key Features
Passwordless Login – Sign in using Touch ID, Face ID, Windows Hello, or security keys
Multiple Passkeys – Register multiple devices for convenient access anywhere
Recovery Codes – Generate one-time backup codes for emergency access
Enhanced Security – Eliminate password-based attacks completely
User-Friendly – Simple setup with no technical knowledge required
Privacy-Focused – Your authentication data stays on your server
WordPress Integration – Seamlessly integrated into WordPress admin and login
How It Works
Register a passkey from your WordPress admin profile
Use your device’s built-in authentication (fingerprint, face, PIN)
Sign in instantly without typing passwords
Requirements
SSL/HTTPS enabled website (required for WebAuthn)
Modern browser with WebAuthn support
PHP 7.2 or higher
WordPress 5.0 or higher
External Services
This plugin may connect to the FIDO Alliance Metadata Service (MDS) to download root certificates for authenticator validation.
FIDO Alliance Metadata Service
URL: https://mds.fidoalliance.org/
Purpose: Downloads attestation root certificates to verify the authenticity of security keys and passkey devices
When: Only when attestation verification is enabled and the plugin needs to update its certificate store (not during normal authentication)
Data sent: No personal or user data is transmitted – only a standard HTTP GET request
Service provider: FIDO Alliance
Terms of Use: https://fidoalliance.org/metadata/
Privacy Policy: https://fidoalliance.org/privacy-policy/
No user data, credentials, or personal information is ever sent to external services. All authentication happens locally on your server.
