Users may already be using passwordless authentication on some services, but are they aware of the risks and benefits of passwordless authentication?
Most people use multiple passwords for different online services and sometimes get confused because they don’t remember what password they need to sign in with.
Therefore, passwordless authentication is likely to provide a better alternative, but what are the risks?
How passwordless authentication works
Passwordless authentication is verifying a person’s identity through more secure options than a password or any other piece of mnemonic information. The user may have used several types of passwordless login techniques, including:
- Biometrics: Prove identity using a method such as fingerprint or face recognition.
- Magic Link: Click the single-use link containing the verification code to access the passwordless login site.
- Hardware Key: Rely on physical devices, such as USB drives, to authenticate users.
- One-time password (OTP): Use a merchant-generated code to sign in instead of a previously selected password.
As of January 2021, Statista reports more than 4.66 billion people worldwide to have internet access, which experts believe has contributed to e-commerce.
If you use the Microsoft Store or another Windows service without a password, there are four ways to do that. Users can use the Microsoft Authenticator app, Microsoft Hello, a security key, or an OTP sent to their phone or email.
Advantages and disadvantages
Some e-commerce experts suggest that passwordless shopping could be the solution to quick purchases. Because the goal is to give people the smoothest shopping experience possible, without the need to remember passwords.
Similarly, passwordless authentication is more secure than user-generated passwords because too many users now set passwords that are easy to guess. Additionally, a 2019 survey found that 65% of users reused passwords across multiple sites. That habit could give hackers more access to stolen credentials.
But using passwordless authentication is not without risks, as someone could obtain the physical key, or the OTP method is sometimes unstable. In addition, there is also a method of spoofing biometrics using a 3D mask.
Passwordless authentication is not without risk like other methods users use to access the internet. Therefore, users still need to protect their passwords carefully and choose the safest method to use.