What is Passwordless Login?
Passwordless login is an authentication process where users login without the need for a password. Usually this means clicking a “magic link” on receiving an email or already being logged in to social media account.
Passwordless Authentication is growing in popularity. In the last several years, there has been large data breaches from some of the largest technology companies including Dropbox, Adobe, Yahoo, LinkedIn and countless others.
Businesses, of all sizes, around the world are targets for cyber criminals. Most details are sold on the black market, some are leaked and reported by the media. These leaks tend to reveal email addresses and passwords, the leaked passwords are sometimes encrypted, but often this encryption can be decrypted. Everyone knows you should use a different password for each service, most don’t.
55% of internet users use the same password for most, if not all, websites & services, according to a study from UK communications regulator, Ofcom. 26% of people said they use easy to remember passwords, such as people’s name or birthdays.
If a company gets hacked, cyber criminals are likely able access many other accounts and services used by their users.
What are the advantages?
There are many advantages of passwordless authentication:
User don’t need to remember a new password for every website.
Mobile users don’t need to enter their 12-character password with mixed-case letters, symbols and numbers on their small mobile keyboard.
Passwords can’t be hacked – no passwords are stored in the database
Faster form completion – at least one less field to fill in.
No “Forgot my password” processes – Users desperately trying to remember their first school teachers name or great-grandmother’s maiden name.
How does it work?
There are many different ways, below are few of the most common examples.
Email Login – The Magic Link
The simplest approach to passwordless authentication is, the user enters their email address, the service emails them a unique magic link, the user clicks on the magic link and it logs the user in immediately.
Although not completely passwordless, the business chat app, Slack, uses the magic link approach to allow users to quickly login on multiple devices.
Social Login – Logging in with Facebook or Google
The mostly widely used passwordless authentication is social media login. The biggest social login providers are Google, Facebook and Twitter. These companies provide a way for website and mobile developers to let their user’s login with their social media account or email account.
This is the quickest way to login, as most people are already logged in to these services.
Blogging platform, Medium.com allows a social login or by magic link to email approach.
PIN-based authentication typically is used by registering a user’s email address and mobile number.
On login a text message is sent to the mobile number with a unique code that expires after 30 minutes. The user will then enter this unique code and will be granted access.
Featured in countless movies but recently popularised by Android and Apple mobile devices featuring finger print. Mostly used in mobile apps as Android and iOS have functionality built into the OS which developers can use,
Typically, you register with an email address and then link your link your fingerprint, the built-in functionality of Android and iOS securely authenticate the fingerprint, the finger print is not shared with the app or any third parties.
Auth0 – Passwordless authentication service
Data Monday: Login & Passwords from Luke W
“Why Passwordless Authentication Works” by Sitepoint
About Fraser Clark
I've been a professional developer for over 10 years. I've been consulting and developing websites & software for small businesses, multi-nationals & governments.