6 November 2020
Passwordless Authentication Is the Way of the Future
Once upon a time, a password was enough to log in to a website or an app, and nobody gave it a second thought. It was a simpler time. You had a username and a password, you typed them into their little boxes and you were in. But that time is long gone, and the traditional password is a bit long in the tooth. Passwords have become a security liability to both companies and users. It’s high time to move on to safer alternatives, like passwordless authentication.
What can go wrong with using passwords?
There are some serious drawbacks to the classic password paradigm. Here are a few of the disadvantages:
- It is increasingly difficult to keep track of them. According to Nordpass, the average user has to juggle 70-80 passwords. There is no way users are going to memorize them all.
- In order to memorize their passwords, people resort to the equivalent of slipping their wallets into the toes of their shoes when they’re at the beach: they either choose passwords that are easy to remember but also easy to guess, or reuse one strong password for multiple accounts, and sometimes both.
- Simple passwords and password recycling are serious issues because simple passwords are prone to brute-force attacks, and recycled passwords can be obtained with just one data breach. In fact, a Swedish security firm recently had a data breach because someone set the password to “password01”.
- Users forget their passwords, and it can be a hassle to reset them. Coming up with a new password is not a fun process either, so users tend to add a number at the end of the password, such as “ilovepizza1” or “correcthorsebatterystaple86”.
So what is passwordless authentication and how can it replace traditional passwords?
Passwords are relatively easy to gain unlawful access to, so the industry has come up with several alternative methods of authenticating users without adding frustration or compromising ease of use.
- OATH TOTP applications: This method involves third parties handling passwords instead of the user. Applications such as LastPass and Google Authenticator generate a temporary authentication code that the user enters to log in.
- Email: Users are sent a magic link, which is itself an authenticated URL, so they can log in with a single click. There is no username or password combination whatsoever, so there is less friction.
- Multi-factor authentication: This method involves asking the user to provide additional information like a PIN, security questions that are set up during sign-up, and contact info.
- Biometric data: Nowadays many devices come with a built-in fingerprint scanner and/or facial recognition feature. This method uses these technologies to verify that a user is actually the holder of the account they are trying to log in to.
- SMS: Much like the email method, the user is sent a unique OTP to their phone number and then enters the code. This is the most commonly used authentication method out there, yet it’s not the simplest or the safest. It’s also very costly to send every user a text when logging in.
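The email item above calls a magic link an authenticated URL. As an added example (not from the original article or from any product it mentions), this Python sketch shows one way a server could issue and check such a link, assuming an HMAC-signed URL with an expiry time and a single-use nonce. The host `app.example`, the function names and the 10-minute lifetime are hypothetical.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = secrets.token_bytes(32)  # server-side signing key (generated for this demo)
TTL = 600                         # assumed link lifetime: 10 minutes
_used = set()                     # redeemed nonces; a real service needs a shared store

def _sign(email, exp, nonce):
    # urlencode escapes '&' and '=', so the signed string is unambiguous
    payload = urlencode([("email", email), ("exp", exp), ("nonce", nonce)])
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return payload, base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_link(email, now=None):
    """Issue a login URL bound to the e-mail, an expiry time and a one-time nonce."""
    exp = int((time.time() if now is None else now) + TTL)
    payload, sig = _sign(email, exp, secrets.token_urlsafe(16))
    return f"https://app.example/login?{payload}&sig={sig}"  # hypothetical host

def redeem(url, now=None):
    """Return the authenticated e-mail, or None if forged, expired or already used."""
    now = time.time() if now is None else now
    try:
        q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
        email, exp, nonce, sig = q["email"], int(q["exp"]), q["nonce"], q["sig"]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    _, expected = _sign(email, exp, nonce)
    # constant-time comparison; bytes so non-ASCII input cannot raise
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    if now > exp or nonce in _used:
        return None
    _used.add(nonce)  # single use: a replayed link is rejected
    return email
```

Because the signature covers the e-mail address, the expiry and the nonce together, changing any one of them in the URL invalidates the link.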
What advantages does passwordless authentication have over traditional passwords?
- Stronger security: Doing away with passwords completely removes the weak link in the equation that’s created by the user, and it means one less attack vector. No more simple and recycled passwords that are very vulnerable to data breaches and sold on black markets on the internet.
- A better user experience: Since there’s no more password juggling on the user’s part, they can log in with a single interaction with the device they’re using. Biometric scanners such as fingerprint scanners and facial recognition technologies are perfect for this. If those are unavailable, users can click a link in an email, and they’re in without even touching the keyboard. Or in the case of SMS, which is hugely popular, they simply type out a one-time password, or if they’re on mobile, just tap the link.
Although SMS costs an arm and a leg, there’s a cheaper, faster, and more secure way of doing it. VerifyKit enables businesses to send verification codes through WhatsApp, reducing verification costs compared to traditional SMS. Not only that, using these widely used messaging platforms adds to your UX efforts, resulting in a smoother, easier, and overall a lot more enjoyable experience for your users. Be sure to check out what VerifyKit has to offer today and start verifying your users.