With the release of iThemes Security Pro 7.3.4, you will be able to specify whether browsers should require additional verification when a passkey is used to log into WordPress or defer to the browser’s own preferred behavior.
We have released iThemes Security Pro 7.3.4 today. It provides users with more control over the ways operating systems and browsers may respond to requests for a passkey.
Currently, passkey support is not universal, and it varies across platforms. Some browsers require verification to use a passkey. (For example, a prompt to provide a PIN or biometric verification.) Other browsers do not require this step.
Security Pro 7.3.4 Maintenance Release
Tweak: Add support for mandating User Verification when using passkeys.
Bug Fix: Don’t require “Write to Files” to be enabled to use the “Rotate Encryption Key” tool.
A valid passkey-equipped device or hardware key (like a Yubikey) allows anyone using it to skip through passkey-enabled login forms without entering (or even possessing) a traditional password. The browser or device should ask for an additional verification step like a PIN or a biometric check. (For example, Apple Face ID and Touch ID or Windows Hello.) However, not all browsers currently handle passkey authentication in the same way. Some will not require an additional verification step. In particular, the Mozilla Firefox browser does not support passkeys at all in a MacOS environment.
To protect users against stolen devices and hardware keys, we have added the option to require an additional user verification step or leave it to browsers to decide if this is necessary.
With the 7.3.4, release, if you are using Security Pro’s Passwordless Login and passkey features, you will see the following new option:
As shown above, iThemes Security Pro 7.3.4+ either requires or delegates user verification to browsers when a passkey is used. The default option is to follow each browser’s preferred method for responding to passkey requests.
Security Pro users may update to the 7.3.4 maintenance release at their convenience.
Get Release Notes for SolidWP products delivered right to your inbox.
Sign up
Join us for the next Solid Academy Webinar!
Free weekly webinars that will help you master WordPress and increase your business's bottom line.
What is a WordPress Phishing Attack?
Learn how to identify and prevent phishing attacks on WordPress websites.
Kiki SheldonWebsite Protection: 5 Ways to Keep Your Website Safe
Robust website protection is the shield that stands between your business and relentless cyber attacks. Prioritizing website protection enables businesses to fortify defenses to safeguard their online presence and preserve the trust of their customers in the face of ever-evolving cybersecurity threats.
Kiki Sheldon23 Ideas To Grow Your WordPress Business in 2023
WordPress is the most popular website-building platform worldwide, trusted by numerous brands. WordPress enables you to build a user-friendly and highly reliable site, together with tools and plugins to enhance your marketing and work like a lead magnet. All these features make WordPress the platform chosen by more than 43% of businesses globally.
SolidWP Editorial TeamSign up now — Get SolidWP updates and valuable content straight to your inbox
Sign up
Get started with confidence — risk free, guaranteed
