WordPress plugin review: MagicPassword

WordPress plugin review: MagicPassword

Security, as we all know, is a serious issue. One of the weakest points of most websites is the password that allows anyone who knows it to take over the admin section and therefore, the whole website. Today, I'm presenting you an efficient and free solution to the "password problem": A WordPress plugin called MagicPassword.


The problem with passwords

As the keys to unlocking our online profiles, passwords are a ubiquitous part of the digital age. Since each of our profiles necessitates a separate password, it is not uncommon for people to need up to 50 passwords.

There’s a lot of conflicting info about password security. Some websites will tell you that you need at least 8 characters including capitals and symbols, some will recommend using a passphrase, and so on.

Of course, the stronger a password is, the less you are likely to be a victim of brute force attacks. But in any case, no password is 100% secure. This is why we have been seeing more and more apps and websites offering 2 factor authentication, an extra layer of security that requires not only a password and username but also something that only, and only, that user has on them, i.e. a piece of information only they should know or have immediately at hand – such as a physical token.

What is MagicPassword?

Released a few months ago, MagicPassword makes your WordPress log in process completely passwordless. You only need a phone with the dedicated app installed.

MagicPassword is a free security Clef-like app which allows you to log in to your WordPress quickly and in a secure manner. All you have to do is to open your application, scan the QR code, and you’re done.

That way, only the person in possession of your phone can access your WordPress dashboard.

MagicPassword stands in between the “classic” user/password authentication, and the two-factor authentication process we discussed earlier. This allows you to make your WordPress dashboard much more secured, but also keeping the login process quick and effortless.

Installing MagicPassword is easy: Just login to your WordPress dashboard and navigate to Plugins, then Add New. Search for MagicPassword and install/activate it. Once done, you’ll be provided instructions on how to download the app from Google Play or Apple’s App Store. Scan the QR code with your app, and you’re ready to go.

Pros and cons

  • It is really easy to log in (maybe not so easy as typing a password, but easier than typing a password and 2FA code as a second step verification).
  • Due to the change in the standard way of logging in, the security of the login process is increased. Even if a hacker ‘eavesdrops’ on the communication, they will not be able to log in to the system because the communication is encoded, and the key is systematically changed. Moreover the password cannot be cracked by means of a ‘brute force attack’ (due to limited attempts) or ‘keylogger attack’ (the keyboard isn’t used).
  • The user doesn’t need to remember and store passwords and simultaneously, has a possibility of logging in from any device. So, this is much more comfortable and doesn’t cause trouble with managing passwords — which is very common when logging in in a traditional way or remembering passwords in a browser.
  • This system is more effective because it doesn’t involve new passwords being constantly generated. It is regularly done for us by the system in the background.
  • MagicPassword also works with many users and supports TouchID/FaceID/FingerPrint, etc.
  • The plugin is 100% free and can be downloaded from the official WordPress plugin repository.
  • One the cons level, the main thing is that logging in to your site will be more complicated and will take longer than using the classic password authentication. But security always comes at a price.

Final thoughts

MagicPassword provides a secure way to handle authentication on your WordPress site, while still being less of a hassle than a classic two factors authentication.

If you are looking for a simple way to effectively protect your website against brute force attacks and other malicious attempts to fraudulently access your WordPress admin, MagicPassword is a serious option to consider.