DEV Community

Cover image for What Does Passwordless Actually Mean?
propelauthblog for PropelAuth

Posted on

1 1

What Does Passwordless Actually Mean?

Passwords have been around for a long time, and while they are easy to understand, they do come with some drawbacks. They are essential for keeping our online accounts secure, but they can also be a hassle to remember and manage. Luckily, there’s a way to log in that eliminates the need for passwords altogether: passwordless authentication. But what does that actually mean?

What is Passwordless Authentication?

As you might have guessed, passwordless authentication is a way to log into a website or app without using a traditional password. Instead, you use a different method to prove your identity, such as using your fingerprint, face recognition, a security token, or a one-time code or link sent to your phone or email.

How Does Passwordless Authentication Work?

The process of passwordless authentication varies depending on the method used, but the general idea is the same. Instead of entering a password, you provide some form alternative verifying information to prove your identity. Most commonly, you’ll see passwordless authentication in the form of a “magic link.” There’s two general ways magic links are implemented: the “Click the link in the email we just sent you” method, or the “we just sent you a code, enter it here” method.

There are other forms of passwordless authentication other than magic links. For example, with fingerprint authentication, you place your finger on a sensor to be recognized. With a security token, you would use a physical device that generates a one-time code.

Why Use Passwordless Authentication?

In terms of drawbacks to traditional authentication just using passwords, you probably already know them. People forget passwords leading to password reset flows where users could potentially churn. People re-use passwords meaning if one site is compromised, all their accounts can be compromised. Some sites make bad password requirements that don’t do much to protect their users and can both drive users away or force them to pick less secure passwords.

With passwordless authentication, a lot of these concerns go away. Passwords that are compromised don’t affect services that don’t use them. Many passwordless methods use devices like mobile phones to create incredibly easy flows, meaning less churn through the product or service. Not to mention passwordless can be faster and easier, making it even more convenient.

What Are the Drawbacks of Passwordless Authentication?

While passwordless authentication is more secure than traditional passwords, it’s not without its downsides. For example, biometric information can be stolen or spoofed, and one-time codes can be intercepted if they are sent via insecure channels. Another concern could be with magic links or one time passcodes landing in spam or promotions sections of an end user’s email, making for a bad user experience logging into your product.

Passwordless authentication is an innovative and secure way to log into websites and apps without passwords. By eliminating the need for passwords, it makes logging in faster, easier, and more secure. While it’s not without its downsides, passwordless authentication is a promising technology that has the potential to improve the security and accessibility of our online accounts.

Sentry blog image

How to reduce TTFB

In the past few years in the web dev world, we’ve seen a significant push towards rendering our websites on the server. Doing so is better for SEO and performs better on low-powered devices, but one thing we had to sacrifice is TTFB.

In this article, we’ll see how we can identify what makes our TTFB high so we can fix it.

Read more

Top comments (0)

AWS Security LIVE!

Tune in for AWS Security LIVE!

Join AWS Security LIVE! for expert insights and actionable tips to protect your organization and keep security teams prepared.

Learn More

👋 Kindness is contagious

Discover a treasure trove of wisdom within this insightful piece, highly respected in the nurturing DEV Community enviroment. Developers, whether novice or expert, are encouraged to participate and add to our shared knowledge basin.

A simple "thank you" can illuminate someone's day. Express your appreciation in the comments section!

On DEV, sharing ideas smoothens our journey and strengthens our community ties. Learn something useful? Offering a quick thanks to the author is deeply appreciated.

Okay