What is RapID Secure Login?
RapID Secure Login (RapID-SL) is an app for Android and iOS that works with a WordPress plugin to let you and your subscribers log in to WordPress websites and blogs without using passwords. Both the app and plugin use the RapID service to generate security credentials.
To log in from any desktop browser, simply scan the QR-code with the RapID-SL app, and it delivers a cryptographic signature to log you in without having to enter any of your details on the browser. That means there's no risk of your details being intercepted, cached in the browser or keylogged, and you don't have to remember complex passwords for every site you visit.
When browsing RapID-enabled WordPress sites on a mobile device that has the RapID-SL app installed, tap the QR-code on the login page to automatically launch RapID-SL. The app then logs you in after authenticating with your fingerprint or PIN.
The RapID-SL app manages all your accounts, so you can log in to multiple accounts on multiple websites using just your mobile device with your fingerprint or a simple PIN. When you go to log in to a site on which you have multiple accounts, the app asks you which account you want to use.
The service is built upon experience gained through Intercede's MyID, developed over the last 20 years to deliver secure credentials for some of the largest global organizations. Intercede software is currently used to manage over 12 million credentials worldwide, including numerous US and UK government agencies.
How RapID Secure Login works
Using the RapID service, you get high security authentication using 2048-bit cryptographic keys without having to write a line of code. You can be up and running in just a couple of minutes.
The RapID Secure Login WordPress plugin sets up your WordPress site to have a unique service authentication key and a corresponding trusted issuer certificate. The authentication key grants your website unique permissions to request credentials for use exclusively with your site, and the trusted issuer certificate verifies that everyone trying to log in to your site using the RapID Secure Login app actually has a credential issued for your site.
On the WordPress login page, the plugin generates a random challenge and injects this in the form of a structured QR-code for the subscriber to scan with the RapID Secure Login app. When they do this, the app recognizes the site as one for which they have a credential, and signs an authentication instruction, which it posts directly to the website. WordPress detects and validates the authentication instruction, maps the anonymous certificate to an actual account and completes the login process.
The great thing about the process is that when a credential has been issued there is no further communication needed to the RapID service - it's just direct user-to-WordPress communication.
You stay in full control and the privacy of you and your subscribers is protected.
Set up for WordPress site administrators
To enable RapID authentication in your WordPress site, you need to:
Install and enable the RapID Secure Login WordPress Plugin on your site.
Install the RapID Secure Login app on your mobile device, from either the Google Play Store or Apple AppStore.
Scan the QR-Code on the Plugin Settings Page using the RapID Secure Login app.
Follow the guidance in the app to complete the RapID sign-up process.
That's it! Your site is RapID-enabled and ready to go!
The WordPress login page will now have the RapID QR-code login control displayed. If you wish to add this control to
another page, use the short-code:
Set up for your registered / non-registered users
The WordPress Registration and User Profile pages will show the RapID QR-code registration control, which allows users to collect a RapID credential.
To collect a RapID credential for your WordPress site, subscribers with password login need to:
Install the RapID Secure Login app on their mobile device.
Log in to your site, and go to their WordPress User Profile page.
Scroll down to the RapID section, and click on the RapID logo.
Scan the QR-code with the RapID Secure Login app, and follow the instructions.
You can control which registered users have the ability to collect credentials based on WordPress roles on the Plugin Settings Page. If you have enabled 'Anyone can register' in General Settings then non-registered users can register on your site. If you want to allow them to collect a RapID credential during this registration process then enable the WordPress 'New User Default Role' for RapID credential collection.
If you, as the site administrator, have configured activation emails, your subscriber will need to confirm the account by responding to the WordPress activation email before logging on to the site.
Your WordPress site tracks the most recent authentication for each device.
The RapID Secure Login app keeps track of the login history on the mobile device.