LaunchKey – log in to WordPress with your fingerprint

I’ve recently become a little frustrated with my current two-factor authentication plugin of choice, Duo Security, because they removed the option to remember you for a set period of time and made that a paid feature, so now I have to authenticate every single time I log in, which is overkill.

On my search for the most current options (having already worked with various other 2FA plugins previously), I stumbled upon a new one to me: Launchkey.

It’s somewhat similar to other 2FA plugins, but has the added feature of being able to use biometric information to log in to your site. You can choose between taking a picture of your face, or using a fingerprint.

Given that I already use Touch ID on my iPhone to log in to various services, I thought this was a nice next step.

I went about installing the plugin and setting it up. The setup process isn’t very clear, so for your benefit, the process is generally:

  1. Download the app on your phone, create your account and verify your email address.
  2. Go to the Launchkey website on your computer and create a new app for the domain that you’ll be installing Launchkey on.
  3. Install the plugin on your site and copy the app key and secret key from your newly created app in your Launchkey dashboard.

Now, each user can go to their profile page in WordPress and link their account to a Launchkey account. When they next visit the login screen, instead of using their username and password, they can select the “Login with Launchkey” button and send a push notification to their paired device for them to authorise the login, using either their fingerprint or a scan of their face, depending on how they’ve configured their device.

Fingerprint login using Launchkey

If a user wants to solely be able to log in with Launchkey, they can remove their password, meaning that they’ll only be able to log in with Launchkey.

The whole process is somewhat fluid and well thought-out, but there are a few restrictions that are stopping me from fully adopting it at this point.

  1. You cannot force all users, or any subset of users (editors and above for example) to use Launchkey. The system is completely opt-in.
  2. You cannot completely replace the login screen with a Launchkey login screen, where that is the only option.
  3. You cannot type in your WordPress username and click on “Login with Launchkey” without then having to type in a separate username for Launchkey. I should be able to type in my username and have the push notification automatically sent to my phone.
  4. I’d like to see app passwords built-in, so that I can force WordPress admin logins through Launchkey while allowing individual apps (like InfiniteWP and WordPress for iOS) the ability to log in to my account without having to use Launchkey.
  5. This is not two-factor authentication. Since the password is not required, this is just an alternative to logging in with your password. The workflow I’d like to see is: enter username and password, Launchkey automatically recognises the WP user and its associated Launchkey account and sends the push notification for a quick fingerprint scan before finalising the login. There should be an option for this.

Launchkey have done a nice job, and it’s clear that their service is well thought out and has the ability to go far, but the plugin needs to mature a little for it to meet my own needs. With that said, I’m sure that there are plenty of people for whom this is a nice evolution of the practice of logging in to services with our phones.

Get Launchkey

3 thoughts on “LaunchKey – log in to WordPress with your fingerprint”

  1. bamajr says:

    Try Authy ( or @Authy on Twitter) It has a very strong “FREE” offering as well as a solid appeal to upgrade to their “PAY AS YOU GO” plan. It works great with self-hosted WordPress instances. Authy hasn’t integrated Apple’s iOS Touch ID, but they should (Hint, Hint!).

    1. Yeah I tried them before and it works fine, but it’s a very traditional 2FA approach – enter login details, open app on phone, enter code and log in. I find that to be a little more cumbersome than plugins which send push notifications to your phone to either approve the login (like Duo) or scan your fingerprint (like Launchkey).

  2. Hey Dave, thanks for the feedback! We know we can certainly improve the WP experience, and it is on our roadmap. I have forwarded your feedback to the rest of the team.



Leave a Reply