[WordPress] Plugin Share: WebAuthn – Passwordless login using Fingerprint, FaceID, Touch ID, Yubikey

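⚠ This plugin has been delisted. It is no longer updated or maintained, and installing it is not recommended.
Active installs: New plugin
Rating: 1/5 (2 reviews)
Last updated: 1234 days ago
Issues resolved
WordPress 4.6+ | PHP 5.3.0+ | v1.5.1 | Listed: 2021-03-18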

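Description

Meet the new global standard of web authentication (WebAuthn). WebAuthn is a core component of the FIDO2 Alliance, which includes protocols that are based on public key cryptography and are strongly resistant to phishing (to varying degrees).
WebAuthn is a browser-based API by FIDO2 that allows web applications to simplify and secure user authentication by using registered devices (Android phones/iPhones, laptops, etc.) as authentication factors. WebAuthn uses FIDO2 public key cryptography to protect users from advanced phishing attacks. With WebAuthn's "Passwordless login using Fingerprint, FaceID, Touch ID" plugin, users can log in to your website by just entering their device credentials (fingerprint, Windows Hello, Face ID, Touch ID, etc.).

WebAuthn provides an additional layer of security, which increases the security of your website and also enhances the user experience. WebAuthn protects your website from many common attacks such as phishing, brute force protection, man-in-the-middle attacks, malware, etc.

WebAuthn requires an HTTPS connection or localhost for secure authentication.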

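Passwordless login with WebAuthn

FIDO2/WebAuthn implements the concept of passwordless authentication. Users enter their username, and if their device/key is configured with WebAuthn, they must verify that device to log in successfully. If no device is registered for WebAuthn, users need to enter their password and can then configure WebAuthn. This removes the password and so improves the user experience. It also increases security, because WebAuthn is based on public key cryptography authentication and only allows login from a trusted device.

WebAuthn as the second factor

WebAuthn can also be used as the second factor to add an extra layer of security on your website. In this case, users enter their username and password to verify the first factor and are then prompted with WebAuthn to verify the second layer of security. Even if a user's password is stolen, the user's identity can still be verified through the user's device, which protects your website.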

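Usernameless login with WebAuthn*

WebAuthn also allows you to offer users the option of logging in to your website without entering their username and password. The user is logged in automatically via WebAuthn.

Because most users do not want to maintain too many credentials, you can allow users to use their device as the credential, and if the device is verified they can log in to the site.

WebAuthn device limitation*

The WebAuthn plugin provides an option to limit the number of devices a user can register with WebAuthn. This is useful when you want only particular devices to log in to your website.
This allows you to restrict the number of devices a user can use to access your website.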

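Role-based WebAuthn*

With this feature you can allow WebAuthn for specific user roles. Users who are allowed to use WebAuthn can log in with WebAuthn, and other users will use their usual WordPress login credentials for access, without being prompted for WebAuthn.

User-specific WebAuthn

With this feature you can select the specific users who can log in to your website using WebAuthn. Other users must log in with their WordPress credentials.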


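⬇ Download the latest version (v1.5.1) or install via search

① Download the ZIP → in the admin dashboard, go to "Plugins › Add New › Upload Plugin"
② Search the admin dashboard for "WebAuthn – Passwordless login using Fingerprint, FaceID, Touch ID, Yubikey" → install directly (recommended)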

Original plugin description

Meet the new global standard of web authentication (WebAuthn). WebAuthn is a core component of FIDO2 Alliance which includes protocols that are based on public key cryptography and are strongly resistant to phishing (to varying degrees).
WebAuthn is a browser-based API by FIDO2 that allows web applications to simplify and secure user authentication by using their registered devices (Android phones/iPhones, laptops, etc.) as factors. WebAuthn uses public key cryptography by FIDO2 to protect users from advanced phishing attacks. With WebAuthn's Passwordless login using Fingerprint, FaceID, Touch ID plugin, you can allow your users to log in to your website by just entering their device credentials (fingerprint, Windows Hello, Face ID, Touch ID, etc.).

WebAuthn increases the security of your website by providing an additional layer of security and it also enhances the user experience of your website. WebAuthn protects your website from many common attacks like phishing, brute force protection, man in the middle attack, malware, etc.

WebAuthn requires an HTTPS connection or localhost for secure authentication.

Passwordless login with WebAuthn

FIDO2/WebAuthn implements the concept of passwordless authentication. The users will enter their username and if their device/keys are configured with WebAuthn then they need to verify it for successful login. If the device is not registered for WebAuthn, then users need to enter their password and then they can configure WebAuthn. This will make the user experience better by removing the password. It will also increase the security, as WebAuthn is based on public key cryptography authentication and it allows the user to log in only if the user is authenticated from the trusted device.

WebAuthn as the [second factor](https://plugins.miniorange.com/2-factor-authentication-for-wordpress)

WebAuthn is also used as the second factor to add an extra layer of security on your website. In this case the users will enter their username and password to verify their first factor and after that they will be prompted with WebAuthn for verification of the second layer of security. This will protect your website even if the users' passwords are compromised, because to verify the identity of any user you need to confirm the web authentication with their device.

Usernameless login with WebAuthn*

WebAuthn also allows you to provide an option where users can log in to your website without entering their username and password. The user will be automatically picked at login via WebAuthn.

As most users do not want to maintain too many credentials, you can allow your users to use their device as the credentials, and if the device is verified they will be logged into the site.

Device limitation*

The WebAuthn plugin provides an option where you can put a limit on the number of devices a user can register with WebAuthn. This will be helpful when you want only a particular device to log in to the website.
This will allow you to restrict the number of devices a user can use to access your website.

Role based WebAuthn*

With this you can allow WebAuthn for specific user roles. The users who have been allowed to use WebAuthn can log in with WebAuthn and others will use their usual WordPress login credentials for access, without getting prompted for WebAuthn.

User-specific WebAuthn

With this you can select the specific users who can log in using WebAuthn to your website. Other users have to use their WordPress credentials to log in.

* Supported in the Premium version
