Press This: A WordPress Community Podcast
In this episode of Press This, a WordPress Community podcast, we will be discussing a new tool called Trusted Login, which allows temporary and encrypted access to be shared between customers and support teams. As an agency or plugin developer, there are many times when running customer support could be made so much easier if you had access to your customers' dashboard. However, there are obviously a lot of concerning issues about asking for that sort of access and how it could be done. That's why we're going to be talking with Zach Katz, the founder of GravityKit and Trusted Login, about this new tool and how it can benefit both developers and customers.
Table of Contents
- Introduction
- The Problem with Admin Access
- Introducing Trusted Login
- How Trusted Login Works
- Benefits of Trusted Login
- Site Health Status
- Building Confidence with Developers and Agencies
- Conclusion
The Problem with Admin Access
As a plugin developer and a business owner, Zach Katz didn't want to be on the hook for the liability of granting admin access to a customer's website. It didn't seem safe for the business, and it also wasn't respectful of the company's customers because he wanted to limit their exposure to any security issues that any of his team members might have. The problem with admin access is that you have access to everything, and every time you ask for admin access, there's a little part of you inside that says, "This is a really bad idea. This is an easy way for a single point of failure." If somebody hacks your email, then they'll have access to everything, and that's true. It's a really unsafe way of granting access.
Introducing Trusted Login
Trusted Login is a new tool that allows temporary and encrypted access to be shared between customers and support teams. It's an add-on kit that a developer can add to their plugin, and it's publicly shareable as a key. The primary goal of Trusted Login is clarity, and to make it clear to the customer what they're giving, for how long, and to whom. When a user grants access to their website, it gets encrypted and sent directly to Trusted Login, where it's stored encrypted. The only thing that's not encrypted is the URL of their website, which allows Trusted Login to find it a little easier on the support side. Everything else is encrypted, and if it were to be hacked and everything downloaded, it wouldn't matter because there's a private key that's generated on the client site, so Trusted Login can't read anything that goes and gets stored on their service.
How Trusted Login Works
When a support representative logs in, they're given a key that the customer gives to the support representative. The support representative enters that key, and Trusted Login asks, "Hey, do you have anything that matches this key?" That key gets encrypted and then searched for the encrypted key, and then the login all happens. The nice thing is that the support representative never has access to any of that encrypted data. It all goes through Trusted Login, and Trusted Login doesn't know anything about the client site. It's all encrypted, and all the handshaking only allows the most limited amount visible to each representative at any specific time, so it's as secure as it could possibly be.
Benefits of Trusted Login
Trusted Login is great for agencies as well, branding temporary access to the site. Agencies don't always want permanent access to a client's site for liability purposes, but also they like to hand it off sometimes and not be permanently involved. If a client then wants to have them make changes, they can grant Trusted Login access. Trusted Login is also great for plugin developers and theme developers. Any plugin or theme developer knows that it's a lot easier to figure out what's going on with the website if you have access to that website. The problem with that in the past has been that you ask for admin access so you can log in and check things out, but the problem with admin access is that you have access to everything. Trusted Login solves that problem by allowing temporary and encrypted access to be shared between customers and support teams.
Site Health Status
Trusted Login is also great for site health status. When you're doing triage for a bug and somebody says, "This isn't working," there are a lot of easy questions that could be answered with the site health report on WordPress. The site health report includes things like what version of PHP, what theme are you running, what other plugins are running, and a whole host of issues that can be resolved by knowing the time zone, knowing the language, and all that information. With Trusted Login, there's a checkbox that says, "Send a site health report," and if they check that box when they're granting access, it'll automatically send all that information to the support team. It's going to be so nice for the customer support team because they won't have to ask that round trip question, and that saves everybody time, including support. It saves costs for the cost of support requests, and it saves time for the customer who can get their bugs fixed faster and their questions answered faster.
Building Confidence with Developers and Agencies
Trusted Login is a product for both end-users and developers. It can be complicated to get set up and running, but we are working with Josh Pollock with Plugin Machine so that we can have a built customized file that's downloadable and easily installed. It's already pretty good for an advanced developer, but it's not as good for an intermediate developer at the moment. We're going to make it simpler from a developer side. Trusted Login is starting with relationships that are already in existence, and hopefully, from there, people can say, "Oh, this plugin that I use, this company that I trust, they're integrating with Trusted Login, and I can build the message that way."
Conclusion
Trusted Login is a new tool that allows temporary and encrypted access to be shared between customers and support teams. It's great for agencies, plugin developers, and theme developers. Trusted Login is also great for site health status. It's a product for both end-users and developers, and it's starting with relationships that are already in existence. If you want to learn more about Trusted Login, please visit trustedlogin.com and sign up for our mailing list.
