Have you reached the point where remembering and managing credentials for your dozen accounts has become such a pain that you are taking the shortcuts everyone is warning you about? Still using short, memorable passwords? Or reuse them a lot? There’s no need to do it anymore as UNLOQ makes password-less authentication a breeze.
What is UNLOQ?
UNLOQ is, in it’s basic form, a free, distributed authentication system, that only needs to store a user’s email in order to let him authenticate. Users need the free UNLOQ app available in App Store and Google Play and a profile that they can create by verifying their email. Later, they can complete their profile with a name and profile photo, but these are optional and exist only to improve the users’ convenience.
Login to WordPress with one tap
The default authentication mechanism is a multi-factor system that uses out of band communication to authenticate a user. After a user has registered with UNLOQ (downloaded the app and created a profile), he will only have to click the UNLOQ button in an application that implements the system and, in a fraction of a second, he will receive a push notification on his mobile phone, asking him to approve or deny the authentication request.
To prevent spam, each user will be asked to verify his/her identity when sending their first authentication request from a new browser by inserting a time-based one time password that they can find in the app.
Security token login
For the case the user does not have internet connection on the mobile, UNLOQ implements a couple of alternative authentication methods. First one is time-based one-time-password that is generated in the UNLOQ mobile app. In order to access this option a user will have to open the menu that can be found in the right bottom corner of the UNLOQ login box, select this option and then grab the code from the mobile app and input it in the form.
The third login option is the basic email login. Even though this is probably the most tedious method, it does cover for the cases where a user does not have a smartphone or it is not in reachable distance.
Available as a WordPress plugin
Integrating UNLOQ authentication system into your site is fairly easy, but with the WordPress plugin it’s a breeze. There are three basic steps you’ll need to take:
- Download the mobile app and register for an account with UNLOQ. During the registration process you’ll have to define an organization, validate your domain and create & configure an application.
- Install the UNLOQ plugin and activate it.
- Grab the API keys from your UNLOQ account and input them in the setup section of the UNLOQ plugin. From here, you can also choose the login box theme and if you’d like to keep both types of authentications (UNLOQ & default username and password) or you’ll rely on UNLOQ.
The entire process should take less then 10 minutes. All users that have pre-registered in WordPress will be able to access your system with the email they have created the account in the WordPress instance. You can allow users to self register by changing the appropriate setting from the General Settings section in WordPress admin panel.
Besides verifying the domain names so that all parties can trust that the authentication requests come from a trusted party, UNLOQ lets application managers set a few other security options:
- Ask the user for a time-based one time password on each login
- Choose the alternative authentication methods (email or time-based one time password)
- Set up request origins and timers.
With three ways to authenticate, a bunch of security and personalization features, UNLOQ aims to change the way we authenticate online. Would you give it a try?