Featured

Will Logins WITHOUT a Password Become The Norm?



Published
Passwordless is the future of logins as better forms of authentication are created. Check out https://auth0.com/passwordless today's sponsor to see what I mean!

#passwordless #login #auth

As the digital age expanded our use of software from computers to mobile phones, to apps and more, password logins were everywhere, from accessing your bank to seeing your workplace payslip, to even checking your exercise summaries, for those people who actually exercise, not me (though i really should start)

However, this brought to light the problems with passwords quite quickly. Security. 80% of all account breaches were due to their passwords being leaked or uncovered. This is a pretty scary statistic if you stop and think about its implications. How could so many accounts be revealed so easily? Well, this is because of a few factors that make using and storing passwords not really the best option for account access.

To start off with, weak passwords make it easy for people to guess and access an account. Weak passwords can be things such as Password1, or Monday2, where the day and date of the month are combined, but these are some of the most often checked by brute force password crackers.

Other examples of weak passwords are ones that use family members’ names and birthdays. Social engineering makes cracking these as simple as cracking a nut.

And that's just one issue.

Duplicate passwords are another cause of security vulnerabilities. That’s when the same password is used for some or all account logins. To be honest, even I reuse some of my passwords. Duplicate passwords, therefore, play a significant role in account security, with up to two-thirds of all people reusing their passwords.

The solution to some of these issues is to use unique and strong passwords. But complexity isn’t as helpful as some might consider. It only means that people no longer remember their passwords, some might even store them in less secure locations, like on physical paper next to their monitor. It sounds like a joke, but having working in IT for over 10 years, I saw it happen all the time.

Password managers came along to help resolve many of these issues, allowing people to automate their password security without having to memorize or strengthen them. While a better solution, the one issue with password managers is that a leak of the master password can expose you and all your accounts all at once, a scary thought.

It’s no wonder why general passwords are no longer considered practical or safe, and so many institutions of significant size like banks, healthcare, and the government have already taken steps to implement better authentication improvements like 2-factor authentication.

A passwordless login is a way to access an account without using the traditional username and password. In most cases you will still have a login identifier, however the second step of using a password is replaced with a alternative medium of identification. They include things like an email link, a biometric check or even a roaming authentication check.

Biometric is the second time of passwordless login that can be done by using things like touch id or face id that is often found on the iPhone to login. While not used as often, you’ll find that banking applications are good use cases to implement such security, with my own bank in Australia doing just this for me to access my account.

Roaming authentication is another type of passwordless login where security keys, prompts or codes are used to verify the authenticity of a user. Discord for example can use a QR code to automate a login, while Google often has an in-app check to confirm you are logging in these days.

Platform based authentication as seen by banks and organizations to help doubly confirm items like payment transfers before they occur. This is when you need to input a short term code like 1234 before processing an action. Google authenticator is also a good example of such a multi factor authentication method.

Learn Design for Developers!
A book I've created to help you improve the look of your apps and websites.
Category
Web design
Be the first to comment