Passkey Login
Learn how to enable passwordless login for WordPress using passkeys and biometric authentication.
Overview
The Passkey Login service enables passwordless authentication for your WordPress site using WebAuthn passkeys. Users can register their device's biometric authentication (Touch ID, Face ID, Windows Hello, or a security key) and sign in without typing a password.
Getting Started
- Go to RakuWP > Services in your WordPress admin and enable the Passkey Login service.
- Navigate to RakuWP > Passkey Login to configure settings.
- Make sure "Show on Login Page" is enabled.
Registering a Passkey
- Log in to WordPress with your username and password.
- Go to Users > Profile (your own profile page).
- Scroll to the Passkeys section and click Add Passkey.
- Your browser will prompt you to authenticate with your device's biometric sensor or security key.
- Give the passkey a descriptive name (e.g., "MacBook Touch ID", "YubiKey").
- The passkey is now registered and ready to use.
You can register multiple passkeys for different devices. Each passkey is bound to the specific device and browser where it was created.
Signing In with a Passkey
- Go to the WordPress login page (
wp-login.php). - Click the Sign in with Passkey button.
- Your browser will prompt you to select a passkey and authenticate (fingerprint, face scan, or security key).
- You're logged in — no username or password needed.
Managing Passkeys
Viewing Your Passkeys
Each passkey shows:
- Device name you assigned
- Date it was created
- Last time it was used for login
- Sign-in count
Deleting a Passkey
Click the Delete button next to any passkey to remove it. If you delete all your passkeys, you'll need to sign in with your password and register a new one.
Admin Management
Administrators can see all users with registered passkeys on the RakuWP > Passkey Login settings page. The admin view shows:
- Total passkeys and users with passkeys (stats cards)
- User table with passkey counts and last-used dates
- Expandable rows to see individual passkeys per user
- Delete buttons to revoke any user's passkey
Settings
| Setting | Description |
|---|---|
| Show on Login Page | Toggle the passkey button visibility on wp-login.php |
| Button Text | Customize the button label (default: "Sign in with Passkey") |
Browser Support
Passkeys work in all modern browsers that support WebAuthn:
- Chrome 67+ / Edge 79+
- Safari 14+ (macOS / iOS)
- Firefox 60+
If the user's browser doesn't support WebAuthn, the passkey button is automatically hidden and they can still log in with their password normally.
Security
Passkeys are based on the WebAuthn standard and use public-key cryptography. Your biometric data never leaves your device — only a cryptographic proof is sent to the server. Passkeys are phishing-resistant because they are bound to your site's domain.
Browser Compatibility
Passkey Login works with all modern browsers that support WebAuthn:
- Chrome / Edge — Full support including cross-device passkeys via Google Password Manager.
- Safari — Full support with iCloud Keychain sync across Apple devices.
- Firefox — Supports platform authenticators (Touch ID, Windows Hello).
Passkeys are bound to your site's domain. If you change your site URL, existing passkeys will stop working and users will need to register new ones.
Security
Passkey Login uses the ES256 (ECDSA with P-256 and SHA-256) algorithm with none attestation. Credential private keys never leave the user's device — only the public key is stored on the server. This makes passkeys resistant to phishing, credential stuffing, and server-side breaches.