Passwordless Authentication - A Mechanism where Users do not need to Log In with Passwords
Passwordless authentication is a type of authentication where users do not need to log in with passwords. This form of authentication makes passwords obsolete altogether. With it, users are presented with the option of logging in simply via a magic link, a fingerprint, or a token that is delivered via email or text message.
Case Study :-
Over the years, cases of stolen and hacked passwords have been on the rise. Many incidents, such as the Yahoo data breach, the Dropbox user accounts leak, and the LinkedIn data breach, involved large numbers of leaked passwords. With these challenges staring down at us like a monster, what if there are no more passwords to be hacked? What if there are no more passwords for users to remember? What if we discard the use of passwords totally? Passwordless authentication to the rescue!
Benefits:-
Improve User Experience:- The faster users can sign up and use your service, the more users your app tends to attract. Users dread having to fill out forms and go through a rigorous registration process. Imagine eliminating that extra five minutes of asking users to remember their grandmother's maiden name as a security question. Passwordless authentication helps improve user experience in this regard!
Increase Security:- Once you go passwordless, there are no stored passwords for an attacker to steal or crack.
Passwordless authentication can be implemented in various forms:-
1. Authentication with a magic link via email:- With this form of authentication, the user is asked to enter their email address. Once the user submits the email address, a unique token or code is created and stored. An email with a URL that contains the unique token is generated and sent to the user. When the user clicks the link, your server verifies that the unique token is valid and exchanges it for a long-lived token, which is stored in your database and sent back to the client, where it is typically stored as a browser cookie. The server also checks that the link was clicked within a certain period, e.g., three minutes.
2. Authentication with a one-time code via email:- With this form of authentication, the user is asked to enter their email address. An email is sent to the user with a unique one-time code. Once the user enters this code into your application, your app validates that the code is correct, a session is initiated, and the user is logged in.
3. Authentication with a one-time code via SMS:- With this form of authentication, the user is asked to enter a valid phone number. A unique one-time code is then sent to that phone number. Once the user enters this code into your application, your app validates that the code is correct and that the phone number exists and belongs to a user, a session is initiated, and the user is logged in.
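The three flows above share one server-side core: issue a secret, deliver it out of band, then verify it once within a time window and exchange it for a session. The example below is added here to show that core in working Python; it is not code from the post or from auth0.com. It assumes an in-memory dictionary in place of the database, a made-up base URL (app.example), a five-minute, five-attempt limit for one-time codes (the post only fixes the three-minute window for magic links), and it stores only a hash of each secret so that a leaked challenge table cannot be replayed as logins.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Lifetimes and limits. MAGIC_LINK_TTL follows the post's three-minute
# window; the other two values are assumptions for this example.
MAGIC_LINK_TTL = 180        # seconds a magic link stays valid
OTP_TTL = 300               # seconds a one-time code stays valid
OTP_MAX_ATTEMPTS = 5        # guesses allowed before the code is burned


@dataclass
class Challenge:
    """One pending login attempt. Only a hash of the secret is kept."""
    identity: str           # email address or phone number being verified
    secret_hash: bytes
    expires_at: float
    attempts: int = 0
    used: bool = False


class PasswordlessService:
    """In-memory stand-in for the server side of all three flows.
    The two dictionaries play the role of database tables."""

    def __init__(self, base_url: str = "https://app.example"):
        self.base_url = base_url                       # assumed, not a real host
        self.challenges: Dict[str, Challenge] = {}     # challenge id -> Challenge
        self.sessions: Dict[str, str] = {}             # session token -> identity

    @staticmethod
    def _hash(secret: str) -> bytes:
        return hashlib.sha256(secret.encode()).digest()

    def _new_challenge(self, identity: str, secret: str, ttl: int, now: float) -> str:
        cid = secrets.token_urlsafe(16)
        self.challenges[cid] = Challenge(identity, self._hash(secret), now + ttl)
        return cid

    # --- flow 1: magic link via email ---------------------------------------
    def issue_magic_link(self, email: str, now: Optional[float] = None) -> str:
        """Return the URL to email to the user; the token in it is never stored in clear."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        cid = self._new_challenge(email, token, MAGIC_LINK_TTL, now)
        return f"{self.base_url}/login?cid={cid}&token={token}"

    def redeem_magic_link(self, url: str, now: Optional[float] = None) -> Optional[str]:
        """Called when the link is clicked; returns a session token or None."""
        qs = parse_qs(urlparse(url).query)
        cid = qs.get("cid", [""])[0]
        token = qs.get("token", [""])[0]
        return self._redeem(cid, token, now)

    # --- flows 2 and 3: one-time code via email or SMS -----------------------
    def issue_code(self, identity: str, now: Optional[float] = None) -> Tuple[str, str]:
        """Return (challenge_id, code). The code goes out over email/SMS; the
        challenge id is returned to the client so it can present both."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"      # six-digit, zero-padded
        cid = self._new_challenge(identity, code, OTP_TTL, now)
        return cid, code

    def redeem_code(self, cid: str, code: str, now: Optional[float] = None) -> Optional[str]:
        return self._redeem(cid, code, now)

    # --- shared verification --------------------------------------------------
    def _redeem(self, cid: str, secret: str, now: Optional[float]) -> Optional[str]:
        now = time.time() if now is None else now
        ch = self.challenges.get(cid)
        if ch is None or ch.used or now > ch.expires_at:
            return None                              # unknown, replayed, or expired
        if ch.attempts >= OTP_MAX_ATTEMPTS:
            return None                              # too many guesses: burned
        ch.attempts += 1                             # count every guess, right or wrong
        if not hmac.compare_digest(ch.secret_hash, self._hash(secret)):
            return None                              # constant-time mismatch
        ch.used = True                               # single use from here on
        session = secrets.token_urlsafe(32)
        self.sessions[session] = ch.identity         # the long-lived token for the cookie
        return session

    def whoami(self, session: str) -> Optional[str]:
        return self.sessions.get(session)
```

Every call takes an optional `now` so expiry can be exercised without sleeping; in production the default `time.time()` is used. The six-digit code is short enough to guess, which is why the attempt counter is incremented before the comparison and the challenge is refused once the limit is hit, even for the correct code.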
Who is using Passwordless Authentication :-
Medium
Slack
Source:- auth0.com