In the Feature Spotlight posts, we are going to highlight a feature in Solid Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Today we are going to cover Passkeys, the easiest and most secure way to log in to your WordPress site.
What are passkeys?
Passkeys are an innovative, passwordless authentication method designed to enhance security and simplify the login process.
Powered by the WebAuthn standard, passkeys include biometric login methods (like Apple’s Face ID, Touch ID, or Windows Hello), and are supported by all major browsers, including Chrome, Firefox, and Safari. Major tech companies like Google, Apple, and Microsoft all back the WebAuthn standard to make passkeys the future of secure logins across the web.
Why use passkeys?
Traditional passwords are often vulnerable to breaches, phishing attacks, and are prone to being forgotten or reused across multiple sites.
Passkeys address these issues by eliminating the need for passwords altogether, offering a more secure and user-friendly authentication mechanism.
Why we developed passkeys for WordPress
Password-based authentication has been a staple since the early days of the internet, enabling users to access websites and web applications using a username and password. This method has demonstrated its reliability and versatility, becoming the industry standard over the years.
However, despite its ease of implementation and use, numerous drawbacks and security risks have been identified for both users and servers. Essentially, neither users nor servers can adequately safeguard the shared secret.
The primary security risks of password-based authentication revolve around the use of passwords as shared secrets, which can be exposed to malicious actors at various points during the authentication process. Passwords can be breached or guessed through successful brute force attacks.
Advantages of using passkeys
Eliminate the risk of stolen or leaked passwords
Firstly, passkeys address the issue of stolen or leaked passwords. Statistics show that 86% of hacking-related breaches involve compromised passwords. Passkeys make password leakage or theft virtually impossible because passwords aren’t stored on a vulnerable server.
Additionally, your personal data never leaves your device. The website you log into doesn’t receive a copy of your fingerprint or face. Instead, a secure credential called a private-public key pair is created, forming a strong authentication method that is nearly impossible to hack.
Protect against phishing attempts
Next, passkeys safeguard you from phishing. Hackers often use sophisticated techniques to trick you into revealing your password, such as creating convincing emails and websites that impersonate real services. Passkeys are resistant to phishing because their built-in authentication methods prevent you from being deceived into giving away your password.
Adopt user-friendly security
Passkeys are also incredibly easy to use. Unlike traditional security measures that often add inconvenience—like strong passwords, two-factor authentication apps, or verification emails—passkeys allow you to log in quickly with a single click using your face or fingerprint. This eliminates the need for long passwords, extra emails, or two-factor codes.
Simplify mobile logins
With passkeys, logging in on your mobile device using Face ID, Touch ID, or Windows Hello becomes effortless. Many apps and sites already use this technology. Now, with Solid Security Pro, you can also use passkeys to log in to WordPress, reducing friction and enhancing the security experience for your users.
You can use your mobile device to log in with:
- Face ID
- Touch ID
- Windows Hello
Use the most secure login method for WordPress
Lastly, passkeys provide the most secure login method available for WordPress. Both website admins and end users, such as customers, can start using passkeys to log in to any WordPress site running Solid Security Pro. This login method ensures the highest level of security for your site.
How to use Passkeys in Solid Security Pro
At Solid Security Pro, integrating Passkeys into your security infrastructure is straightforward. Our platform provides comprehensive support for setting up and managing Passkeys, ensuring a smooth transition from traditional password systems.
Here’s how you can get started:
To set up Passkeys on your site, you will need to enable the feature on the Security > Settings > Features > Login Security screen.


Next, you will navigate to the Security > Settings > Configure > Login Security > Passwordless Login screen. Click the Passkeys checkbox so it is marked with a checkmark and then click the “Save” button.


Once you have enabled Passkeys, you can go to your WordPress Admin Menu > Users > Profile. Scroll down to Passwordless Login, enable the passwordless login feature for the user, and click the “Setup Passkeys” button.


Additional instructions for setting up Passkeys
We have comprehensive documentation available over in the Solid Documentation Center for:
Get Solid Security Pro with passkeys
Passkeys represent the future of secure and convenient authentication. By adopting passkeys through Solid Security Pro, you can protect your accounts with cutting-edge technology while providing a frictionless user experience. Say goodbye to the frustrations and vulnerabilities of traditional passwords and embrace a more secure digital future with Passkeys from Solid Security Pro.