Pros and cons of passwordless authentication

Most people use multiple passwords every day. However, you've probably had the frustrating experience of trying to buy something online and forgetting the password for that e-commerce site. Passwordless authentication is likely to provide a better alternative, but also carries certain risks.

Passwordless authentication verifies a person's identity through more secure options than a password or any other mnemonic. Unnoticed, you may have used some kind of passwordless login technique. These include:

Biometrics : Prove your identity with a method such as fingerprint or face recognition.
Magic link : Click the single-use link containing the verification code to access the passwordless login site.
Hardware key : Rely on physical devices, such as USBs, to authenticate users.
One-time password (OTP) : Use a merchant-generated code to log in instead of a previously selected password.
Some people argue that the OTP option is not part of the passwordless login group, because it still requires the password to be entered after all. However, the access codes are short-lived, which sets them apart from traditional passwords.

Passwordless authentication is also scalable. A recently released security hardware key from Yubico includes a fingerprint reader for added protection. It also encrypts the data transmitted between the key and the component that stores the fingerprint information.

Where can you try passwordless shopping?
As of January 2021, Statista reports that more than 4.66 billion people worldwide have access to the Internet . Experts believe this has contributed to the recent boom in e-commerce. However, it may be a while before passwordless shopping becomes a mainstream.

If you want to use the Microsoft Store or another Windows service without a password, there are four ways to do it. You can use the Microsoft Authenticator app , Windows Hello , a security key, or an OTP sent to your phone or email.

Shopify also has a number of apps that allow store owners to add different types of password authentication to their stores.

Despite some questions as to whether passwordless authentication is realistic, Google has also signaled its gradual transition to a password-free future. An existing example is the security key built into Android phones running 7.0 or later. It checks the Bluetooth signal transmitted between the security key and the device you use to sign in to Google services. 

In addition, shopping without a password is still a unique service. However, technology exists to support online stores, so you may soon start seeing passwordless login website options.

Pros and cons of using the Internet without a password
Authentication without password still has certain risks
Authentication without password still has certain risks
Some e-commerce experts suggest that passwordless shopping could be the solution for online purchases. Ultimately, the goal is to give people the smoothest buying experience possible. No need to remember the password will definitely take the hassle out.

Similarly, they also argue that passwordless authentication is more secure than using user-generated passwords, because too many users now set passwords that are easy to guess. Additionally, a 2019 survey found that 65% of people have reused passwords across multiple sites. That habit could allow hackers to access more accounts through stolen credentials.

However, not using a password also carries risks, such as someone being able to steal the physical security key. The researchers also found that the OTP method could fail in 80% of cases, because the interceptors obtained the code before the legitimate user received it. Bad guys have also forged biometric information with everything from Play-Doh to 3D masks.

Another problem, especially within the enterprise, is that many business leaders and employees feel reluctant to accept new technology. They may have been using passwords for decades and aren't ready to change that habit now. Without entering a password when purchasing new office supplies, some people may initially complain or wonder about the transition.

Is passwordless shopping right for you?
Let's look at the security methods available. Buying a hardware key and keeping it carefully is a safe bet. However, using the phone for authentication is not as secure a solution. The OTP may not reach you. Someone can hack your biometrics if you lose your phone. Some people suggest combining at least one of the options above with systems that analyze user behavior, such as how fast they type or how they hold their phone.

Passwordless authentication isn't without risk, but so is any other method you use to access the Internet. All have the potential to be hacked by sufficiently skilled bad guys. Weigh the risks and benefits of each before proceeding.

What is user authentication? How does this feature work?
What is CAPTCHA? What types of CAPTCHAs are there?
How to manage two-factor authentication (2FA) accounts with Authy
What is two-factor authentication and why should you use it?

Electronic Journal of Finance
Editorial: 4th Floor, Project Building, No.4, Hang Chuoi 1 Lane, Hai Ba Trung District, City. Hanoi
Tel: 024.39330038, 028.39300434
Only reissue information from this website with the consent in writing of Electronic Journal of Finance
© 2009 - 2020. All rights Reserved