From mediawiki.org
MediaWiki extensions manual
Passwordless Login
Release status: experimental
Implementation User identity
Author(s) Florian Schmidt (Florianschmidtwelzowtalk)
Latest version 0.0.1
Compatibility policy invalid
MediaWiki 1.33
Database changes Yes
Composer mediawiki/passwordlesslogin
License MIT License
  • $wgPLEnableApiVerification
  • $wgPLFirebaseSenderId
  • $wgPLFirebaseAccessToken
Quarterly downloads 3 (Ranked 163rd)
Translate the PasswordlessLogin extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The Passwordless Login extension is an experimental extension that was created during the Wikimedia Hackathon 2019 in Prague. It allows an user to login to their user account on a MediaWiki site without entering their password anymore. Instead they can confirm that they want to login with their previously paired smartphone.

The login mechanism can be considered secure as long as the MediaWiki site where the user wants to login is accessible by https only. There's task T224049 which, if implemented, requires the user of https at all.


  • Download and place the file(s) in a directory called PasswordlessLogin in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'PasswordlessLogin' );
  • Run the update script which will automatically create the necessary database tables that this extension needs.
  • Yes Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

To users running MediaWiki 1.24 or earlier:

The instructions above describe the new way of installing this extension using wfLoadExtension(). If you need to install this extension on these earlier versions (MediaWiki 1.24 and earlier), instead of wfLoadExtension( 'PasswordlessLogin' );, you need to use:

require_once "$IP/extensions/PasswordlessLogin/PasswordlessLogin.php";


  • PLFirebaseAccessToken: The access token you can retrieve from your Firebase project under the settings. This access token is used to be able to send messages to an Android device to verify the login.

Android app[edit]

This extension requires a second factor in order to work. There's an Android app, which implements the counterpart of this extension. The app is published on the Google Play Store. However, you can also build it yourself from the sources.

Privacy Policy for the Android App[edit]

The Android app, which is built from these sources, does not save any personal related information or communicates with any service except the MediaWiki sites you connect this app with. The app will communicate with the Firebase Cloud Messaging service in order to generate a unique ID, with which a single device can be identified. This ID is transmitted to the MediaWiki sites you register within the app and will be saved on the servers hosting this site. The ID is used to create a login prompt when you login on one of the registered MediaWiki sites.