A username or email address and a password: this is the combination that the vast majority of services require users to provide in order to gain access to their accounts. Even if this authentication method is still the most widespread, the average user is frustrated at the thought of coming up with and then memorizing long and complex logins for each account. And this usually leads to either the reuse of the same password over and over – which is insanely reckless – or a desperate search for ways of bypassing the need to remember a set of random characters. However, if passwordless authentication methods – like the one developed by Auth0 – become the industry standard, then we can hopefully say goodbye to those pesky passwords once and for all.
The Beauty of Temporariness
The funny thing about passwordless authentication is that the technology behind it – which is eerily similar to situations where a new password is requested when the old one has been forgotten – is so simple that we have to wonder why it wasn’t used before. It’s so simple, in fact, that when passwordless authentication is activated, users only have to provide their email addresses or mobile phone numbers to receive a temporary URL link or a passcode via email or SMS with which they can authenticate themselves and access their accounts. In this regard it is just like two-factor authentication (2FA), which also operates with temporary codes. The only difference is that passwordless authentication doesn’t require the presence of a secondary device, although it is possible to use 2FA apps like Auth0 Guardian to send push notifications through which authentication can be completed.
To make things even better, passwordless authentication is even safer than the usual username and password combination: temporary passcodes are less vulnerable to brute force attacks, and they aren’t stored on the service’s servers either, meaning that they cannot be extracted if the service is compromised. Admittedly, the fact that the temporary authentication key is sent through email or SMS – two communication channels that are known for being more insecure than other methods – could raise some questions about the overall security of passwordless authentication. However, there is no need to worry: since the code or link automatically expires after a given period of time, wrongdoers cannot access the account, especially if a 2FA app is involved too.
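The temporary-passcode flow described above, sketched as an added example (not code from this article or from Auth0). The class and method names, the five-minute lifetime, the five-guess limit and the in-memory store are assumptions made for illustration; the server keeps only a keyed digest of each code until it is used or expires.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime; the article only says "a given period of time"
MAX_ATTEMPTS = 5         # assumed limit on guesses per issued code


class PasscodeStore:
    """Hypothetical in-memory store of pending login codes, keyed by email or phone."""

    def __init__(self, clock=time.time):
        self._clock = clock                  # injectable so expiry can be tested
        self._key = secrets.token_bytes(32)  # server-side HMAC key, never leaves the server
        self._pending = {}                   # identifier -> [digest, expires_at, attempts_left]

    def _digest(self, identifier, code):
        # Only this keyed digest is kept, so the stored value is not the passcode itself.
        msg = f"{identifier}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, identifier):
        """Create a 6-digit code to deliver by email or SMS; replaces any earlier code."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[identifier] = [self._digest(identifier, code),
                                     self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, identifier, code):
        """Return True once for the right code; expired, used or over-guessed codes fail."""
        entry = self._pending.get(identifier)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[identifier]    # expired or guess budget exhausted
            return False
        entry[2] = attempts_left - 1         # count this guess before comparing
        if hmac.compare_digest(digest, self._digest(identifier, code)):
            del self._pending[identifier]    # single use: a replayed code is rejected
            return True
        return False
```

The guess limit is what keeps a six-digit code from being enumerated within its lifetime, and deleting the entry on success is what makes an intercepted code worthless once the real user has logged in.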
How Does It Hold up?
Knowing that average internet users are craving anything other than memorizing passwords – just look at the unquestionable success of biometric authentication methods like FaceID, voice recognition, and fingerprint readers – it’s clear that passwordless authentication is destined to become a worthy successor to passwords. In fact, after seeing the growth of the total number of passwordless logins made between January 2015 and May 2016, Auth0 has predicted that by the end of the 2020s passwordless methods will replace passwords as the primary form of authentication.
But even if passwordless authentication is expected to be the means of authentication that finally puts passwords to rest once and for all, its growth is still too slow – which isn’t all that surprising considering that most services would rather stick to something familiar than take a nosedive into the unknown that is the world of passwordless authentication. In simpler words, it’s likely that the password will still be around for a while.
Survival Techniques Before the Passwordless Salvation
Since passwords won’t be going away soon, it’s best to listen to security experts and come up with a login that is secure enough to be considered uncrackable by hackers. And even if there are many methods with which users themselves can create complex but memorable passwords – to avoid the ill-advised reuse of passwords – the most convenient way is still the use of password management programs.
With such a solution on board, all passwords are imported from the browser to be replaced with even stronger ones, and the software will even autofill the credentials stored within it into login boxes. But there’s a glimpse of the passwordless future here, too, since the number of passwords to be memorized is reduced to just one, the master password, which protects the program’s secure vault where all sensitive data is stored.