Digital identity vendor Intercede has announced RapID Secure Login (RapID-SL). It is targeted at WordPress sites to improve the security of access. WordPress users regularly suffer brute force attacks against their sites. A successful breach leads to them being taken over, defaced or used to distribute malvertising and spam. For many WordPress site owners, the easy of getting started is offset by their lack of knowledge in security.
According to Richard Paris, CEO, Intercede: “..this new Plugin provides users with a secure, easy to implement and simple to use authentication service for any WordPress site. The solution is security magic for small businesses and consumers who have previously felt digitally disenfranchised from enjoying strong levels of security and privacy. Faced with the harsh reality of today’s digital economy, usernames and passwords are no longer fit for purpose as they become an easy target for hackers. RapID-SL provides an alternative that is both more secure and user-friendly. We expect more businesses and consumers to demand this level of security in future to protect their sensitive information from prying eyes.”
How does it work?
It’s a WordPress Plugin and phone app that runs on Android and iOS. When a user wants to log n they go to the site and scan the QR code on the screen. They then authenticate to their phone using a fingerprint, PIN number or other security mechanism on their device. They can also login from their device by browsing to the site and tapping on the QR code.
Installation is as simple as using any other WordPress Plugin and RapID-SL can be downloaded from the WordPress Plugin site. This makes the whole experience simple for site owners and site designers. When users enrol to the service they are enrolling with Intercede. This means that they are issued a security credential for their device. It means that a user can have multiple devices authenticated to their device and can authenticate with multiple sites.
The key to this working is the mobile phone number which is stored by Intercede. If an administrator wants to block a user, they simply login to the Intercede account and remove enrolled phones from the account.
Websites are under constant attack from people trying to gain access to the backend systems. With an increasing number of websites selling to their visitors and holding personal data, secure access needs to improve. It will be interesting to see how quickly Intercede can get take-up of RapID-SL and what the feedback is as the service begins to scale.