What Are the Pros and Cons of Passwordless Authentication?

You might already be using passwordless authentication on some services. But what are the risks and benefits of a password-free society?

Most people use numerous passwords on a typical day. However, you’ve probably had the frustrating experience of trying to buy something online and forgetting your password for the e-commerce site. Passwordless authentication potentially offers a better alternative, but what are the risks?

How Does Passwordless Authentication Work?

Passwordless authentication verifies a person’s identity through more secure options than passwords or any other piece of memorized information. You may already use some types of passwordless login techniques without realizing it. They include:

• Biometrics: Proving your identity with a method such as your fingerprint or facial recognition.
• Magic links: Clicking a single-use link containing a verification token to access a passwordless login website.
• Hardware keys: Relying on physical devices, such as USB drives, that authenticate the user.
• One-Time Passwords (OTP): Using a numeric code generated by a merchant to login rather than a previously chosen password.

Some people argue that an OTP should not fall under the passwordless umbrella. After all, it still requires typing in a password. However, the access codes only last for short periods, making them slightly different from traditional passwords.

Passwordless authentication can also span more than one category. A recently released hardware key from Yubico includes a fingerprint reader for extra protection. It also encrypts data passed between the key and the fingerprint information storage component.

Where Can You Try Passwordless Shopping?

As of January 2021, Statista reported over 4.66 billion people worldwide having internet access, which experts believe contributed to the recent e-commerce boom. However, it could be a while before passwordless shopping becomes mainstream.

If you want to use the Microsoft Store or another Windows service without a password, there are now four ways to do that. You can use the Microsoft Authenticator app, Microsoft Hello, a security key, or an OTP sent to your phone or email.

Shopify also has a couple of apps that let store owners add various types of password authentication to their stores.

Despite some questioning whether passwordless authentication is realistic, Google has signaled its gradual transition toward a password-free future, too. One example available now is the security key built into Android phones running 7.0 and above. It checks for a Bluetooth signal passing between the security key and the device you use to sign in to Google’s services.

Beyond that, shopping without a password is still a niche offering. The technology exists for stores to offer it in the background, though, so you might start seeing more passwordless login website options soon.

The Pros and Cons of Passwordless Internet Usage

Some e-commerce experts think passwordless shopping could be the solution for cart abandonment. After all, the goal is to provide people with a buying experience that’s as smooth as possible. Not having to remember a password would certainly remove one hassle.

They similarly claim that passwordless authentication is more secure than user-generated passwords because too many users set easy-to-guess passwords. Additionally, a 2019 survey found that 65 percent of people reused passwords on multiple sites. That habit could give hackers greater access to stolen credentials.

However, going password-free is not without risks. Someone can steal a physical security key. Researchers also found that the OTP method could fail in up to 80 percent of cases due to interception bots that grab the code before the rightful user can. People have also spoofed biometrics with everything from Play-Doh to 3D masks.

Another issue, especially within enterprises, is that many business leaders and employees feel reluctant to embrace new technologies. They have likely used passwords for decades and may resist doing something new now. If the new way of buying office supplies means not entering a password, some people may initially complain or question the switch.

Is Passwordless Shopping Right for You?

Consider the security methods available to you. Buying a hardware key and keeping it in a safe is a secure option. However, using your phone to authenticate is a more questionable solution. OTP codes may not reach you. Someone could hack the biometric element if you lose your phone. Some suggest combining at least one of the options above with systems that analyze people’s behavior, such as how fast they type or how they hold their phones.

Authenticating yourself without a password is not risk-free, but neither is any other method you use to access the internet. All are potentially hackable for a dedicated and sufficiently skilled malicious party. Weighing up the risks and benefits of each one informs you before proceeding.

About The Author