Authentication without passwords (Passwordless Authentication) will definitely be the next step for online accounts. It offers a better user experience and added security.
Currently, when we access the email account, the profile on a social network or even the user account from the bank, the first data we have to enter are account user and password. Accounts that require a higher degree of security, in addition to the password, also require a second authentication factor. This can be an additional code received by SMS or email, OTP (One-Time Password) or it can be a token code generated by applications such as Google Authenticator.
The password is not the guarantee of the security of an account
In a study conducted by Transmit Security’s State of Customer Authentication, it was shown that over 50% among the participants they disclosed the password to someone else for at least one account, while over 41% they disclosed passwords for more than one account.
55% of those who participated in the survey they gave up to use the services of a requesting portal or website password registration. This process being very difficult for many users. Especially online services that require complex passwords composed of capital and non-capital letters, numbers and special characters.
The study also highlighted a worrying aspect. 87.5% of users had their accounts blocked at least once due to failed authentication attempts. They forgot their password. Among them, 92% left the online service without recovering the password.
In personal experiences like administrator of online stores, we have noticed how with the development of technology, the patience of users is getting less and less. The user no longer has the patience to fill in many mandatory fields when making an online order, he no longer wants to remember complex passwords, he no longer wants to wait many days until an order is delivered.
For example, if you want to lose a percentage of the potential customers of the online store, leave the fields "postal code" and tick by as mandatory default "delivery to another address". At the first red message after pressing the "Submit Order" button, many users close the web page.
In conclusion, we can say that the password of an online account has become a small stress factor. Or a greater stress factor if we urgently need to access an online service for which we have forgotten the password, and the password recovery process is complex. As is the case with Meta, when we need to recover the password of a Facebook account. We have had situations where Meta (formerly Facebook Inc.) requested the identity document of the account holder and even then he was unable to recover the password.
The largest advantage of passwordless authentication it would be first of all the user experience.
How to authenticate without passwords in online accounts - Passwordless Authentication
There are some current alternative methods by which authentication can be done without passwords.
One-Time Password is the most accessible authentication alternative without a password. OTP is currently used by many payment processors to confirm online transactions. Users receive via SMS or email a confirmation code valid for a limited period of time. This code must be entered in the web interface or the online application from which the transaction is made.
Push Notification is another method that is gaining popularity. Currently used by services such as PayPal si Google, upon authentication from the browser, the service will send a push notification message to the application on the smartphone. The user must confirm access in the browser, but not before authenticating with the biometric data on the smartphone. This way you can log in to an online account without passwords. passimwordless Authentication.
When we want to authenticate on PayPal from the browser, we have two authentication options after entering the password: "Confirm using PayPal app"And"Recive a text"
Authentication requiredPayPal - auth. in the browser.
As part of the PSD2 Strong Customer Authentication regulation, we need additional information to confirm it's really you.
On smartohone we will immediately receive a push notification to confirm the authentication.
At the moment, PayPal also requires the account password, but if the switch to biometric authentication is made, the password can be removed.
Magic Link is another authentication method without a password. During the authentication process, the user will receive a unique authentication link via email. The method is currently used by several online services as an alternative to password authentication.
Biometric authentication it is definitely the technology of the future for systems that require authentication and will be the basis for Passwordless Authentication. Apple took an important step with pass keys in replacing passwords on iPhone, iPad and Mac with biometric authentication. Touch ID si Face ID they will take the place of passwords. It is not known how long Passkeys will become a reality, but the first and most important steps have been taken.
Ethiopia recently launched Foundational ID, offering residents identity documents with biometric identification. In this way, the issuance of identity cards (ID) is made easier, the dependence on digital cards is minimized, and the new IDs with biometric data will be able to be used both online and offline.
The Ethiopian government has chosen T5-ABIS BE (Biometric Engine) from TECH5 as a solution for facial scanning, fingerprint and iris scanning for biometric identification.
In conclusion, in a few years authentication without passwords will become available to anyone, and the processes of registering an account on a platform and authentication will be done through biometric ID.