RapID Secure Login (RapID-SL) is an app for Android and iOS that works with a WordPress plugin to let you and your users log in to websites and blogs without passwords.
To log in from any desktop browser, simply scan the QR-code with RapID-SL on your phone, and it delivers a cryptographic signature to log you in without having to enter any of your details into the browser. That means there’s no risk of your details being intercepted, cached in the browser or keylogged, and you don’t have to remember horrifically complex passwords for every site you visit.
You can also use RapID-SL directly from your phone – simply navigate to the site on your phone’s browser as usual, then tap the QR-code when it pops up, and it launches RapID-SL automatically for you. You just authenticate with your finger or PIN.
The RapID-SL app manages all of your accounts, so you can log in to multiple accounts on multiple websites using just your phone with your finger or a simple PIN. When you go to log in to a site on which you have multiple accounts, RapID-SL just asks you which account you want to use.
Step-by-step – for subscribers
As a ‘normal’ website user, all you need to do is to install the RapID Secure Login app on your phone. You can get this from the Google Play Store (for Android phones) or from the Apple AppStore. (Don’t get it confused with the RapID Connect app, which is what web site administrators use!)
Then, if you already have a password login to a RapID-enabled site, you can go to ‘My Profile’ (or another page specifically created for you by the web administrator), click on the big ‘RapID’ logo and scan the resulting QR code with the RapID-SL app. Then provide either a PIN or a fingerprint and you’re done. Next time you log in, just scan the login code with the RapID-SL app.
If you are creating a new account and the site administrator has allowed self-registration, then you can fill in some of your details in the RapID-SL app itself (click Info, and then fill in your name and email address as a minimum). Once you’ve done this, click the Register link on the website, scan the code and click the Register button to confirm your details.
Step-by-step – for Web Administrators
To set up RapID authentication in your WordPress site, you need to:
1. Install and enable the RapID Secure Login WordPress Plugin on your site (use Plugins->Add new and search for Rapid Secure Login).
2. Install the RapID Secure Login app on your phone.
3. Scan the QR Code in the RapID Settings Page on your site, using the RapID-SL mobile app.
4. The App will guide you through the RapID sign-up process to create an account.
5. That’s it! Your site is RapID enabled and ready to go!
Administrators and subscribers can now add RapID login to their accounts:
1. Login and go to your WordPress User Profile (Users->Your Profile) and scroll down to the RapID section.
2. Click on the RapID logo to request a logon for your phone.
3. A RapID QR code is shown. Scan this with the RapID-SL app on your phone and follow the instructions.
To add a RapID login control to your own page, simply use the shortcode: [rpsl_secure_login]
Your WordPress site tracks the most recent authentication for each phone and users can have more than one phone for their accounts.
On the phone, RapID-SL keeps track of your login history for you.
As a bonus, the app also lets you set up your own details – name, email address and a meaningful name for your phone or tablet. If the site administrator has allowed self-registration, you can scan a QR code on the ‘Register’ screen to automatically create an account and associate a new credential with that account. You may still have to confirm the account by responding to the WordPress activation email (if the site admin has required this), but you can then log on to the site without ever having had to worry about passwords.
The Techie Bit
Using the RapID credentialing service, you get high security authentication using 2048-bit cryptographic keys without having to write a line of code. You can be up and running in just a couple of minutes.
As a site administrator, you first install the RapID-SL WordPress plugin, then create an account with the RapID cloud credentialing service. That assigns you a unique service authentication key and a corresponding trusted issuer certificate, which you then upload into your WordPress site through the RapID Settings screen.
This grants your website unique permissions to request user credentials for use exclusively with your site. You are given a ‘trusted issuer certificate’ that verifies that everyone trying to login to your site using RapID-SL actually has a credential issued for your site.
In the WordPress login page, the plugin generates a random challenge and injects this in the form of a structured QR code for the user to scan with their phone app. When they do this, the app recognizes the site as one for which they have a credential, and signs an authentication instruction, which it posts directly to the website.
WordPress detects and validates the authentication instruction, maps the anonymous user certificate to an actual account name and completes the login process.
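The challenge, sign and validate steps described above, as an added sketch that is not the RapID plugin's code or wire format. It assumes RSA-2048 with SHA-256 (the page only says 2048-bit keys), a hypothetical site identifier and message layout, and a key-fingerprint lookup in place of validating the user certificate against the trusted issuer certificate.

```javascript
// Added illustration: names and message layout are assumptions, not the RapID wire format.
const crypto = require('crypto');
const SITE = 'https://blog.example';     // hypothetical site identifier
const CHALLENGE_TTL_MS = 60_000;         // assumed lifetime of a login QR code
const pending = new Map();               // challenge -> expiry time (ms)
const accounts = new Map();              // public-key fingerprint -> WordPress login

// Stand-in for the anonymous user certificate: SHA-256 of the public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Server: issue a random, single-use challenge (what the QR code would carry).
function issueChallenge(now = Date.now()) {
  const challenge = crypto.randomBytes(32).toString('hex');
  pending.set(challenge, now + CHALLENGE_TTL_MS);
  return { site: SITE, challenge };
}

// Phone: sign the site identifier together with the challenge.
function signLogin(privateKey, qr) {
  const msg = Buffer.from(`${qr.site}\n${qr.challenge}`);
  return crypto.sign('sha256', msg, privateKey).toString('base64');
}

// Server: consume the challenge, check the signature, map the key to an account.
function verifyLogin(publicKey, challenge, signatureB64, now = Date.now()) {
  const expiry = pending.get(challenge);
  pending.delete(challenge);                        // single use, even on failure
  if (expiry === undefined || now > expiry) return null;
  const msg = Buffer.from(`${SITE}\n${challenge}`); // bind to this server's own identity
  const ok = crypto.verify('sha256', msg, publicKey, Buffer.from(signatureB64, 'base64'));
  return ok ? accounts.get(fingerprint(publicKey)) ?? null : null;
}

// Constructed demo data: one enrolled phone key for the account "alice".
const phone = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
accounts.set(fingerprint(phone.publicKey), 'alice');
function demo() {
  const qr = issueChallenge();
  const sig = signLogin(phone.privateKey, qr);
  const first = verifyLogin(phone.publicKey, qr.challenge, sig);
  const replay = verifyLogin(phone.publicKey, qr.challenge, sig);   // same challenge again
  const q2 = issueChallenge();
  const wrong = signLogin(phone.privateKey, { site: 'https://other.example', challenge: q2.challenge });
  return { first, replay, wrongSite: verifyLogin(phone.publicKey, q2.challenge, wrong) };
}
console.log(demo());
```

Only the first verification returns an account; the replayed challenge and the signature made over a different site identifier both return null.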
The great thing about the process is that once you have registered for your credential, there is no further communication needed between your phone and the RapID service – it’s just direct user to WordPress communication. You stay in full control and your privacy is protected. The RapID service is never given any personally identifiable information for the end-users of each WordPress site. Even credential renewals are automated.
So, what are you waiting for? Take advantage of your free allowance and give it a try today!
For technical assistance, please check our FAQ page. If you can’t find an answer there, check out the Forum at https://forums.intercede.com/