The Benefits Of Passwordless Authentication And How To Choose The Right Method

Forbes Communications Council

Kobi Ben-Meir is the Head of Marketing for OwnID, the passwordless infrastructure for the internet, and an award-winning marketer.

You’re probably seeking ways to reduce the friction your customers face when they log on to your website or app. One of the biggest obstacles that you can help them overcome is the frustration of struggling with password-based login methods. While most people still use passwords as their primary authentication method, many businesses are switching to passwordless entry.

Each day, more and more brands are transitioning their customers to the passwordless train. You probably have already experienced, or are likely to experience, passkeys, the new standard from the FIDO Alliance. Apple, Microsoft and Google recently announced their commitment to building support for passwordless sign-ins. The push from these big players could lay the groundwork for a future devoid of passwords.

Companies of all sizes could see the benefits. But for some of your customers, it may be a difficult transition. After all, cybersecurity experts told us for years that creating strong passwords with unique logins for each of our accounts was the best way to secure account access. But businesses can now offer their customers ease and convenience without sacrificing the safety of their private information.

Here, I’ll look at the benefits of the various passwordless methods businesses use to shepherd their customers through the login process. I’ll also explain how to determine which password alternatives will likely work best for your customers.

Passwordless Benefits

Any move toward passwordless authentication for your website or app could immediately benefit both your customers and your business. Passwordless authentication can help you avoid security breaches from poor password choices and management, worry over security risks to personal information, and frustration over forgotten passwords.

As people opt for more mobile-friendly experiences, they will also want the ability to switch devices seamlessly and at will. As a result, consumers may be more accepting of password alternatives, especially on accounts containing sensitive data. A bonus benefit to your customers and your conversion and login rates is that passwordless authentication reduces the steps they must take in order to transact with you.

No-Password Login Methods

Password alternatives typically fall into one, or a combination, of five passwordless authentication methods. (Full disclosure: My company focuses on biometric and passkey authentication.)

1. Biometric Authentication

Consumer smartphones are suited for capturing and storing users’ physical data—most commonly, fingerprint or facial recognition—and using it to grant access. This password alternative contains the traits “something you are” and “something you possess.” For example, the phone in your possession is assumed to be yours if the fingerprints match the ones presented at registration.

2. Magic Links

The magic link authentication process enables users to log in to their accounts by providing their email address. They receive a unique link via email, which they can use to access their account. However, magic links have a short life span—usually expiring within 15 minutes—and may be slower than other methods. Furthermore, there is a risk that the magic link will be classified as spam or that the recipient won’t receive it due to deliverability issues.

3. One-Time Passwords (OTP)

One-time passwords (OTP) are a popular method for authenticating customers. Customers receive the OTP via email or SMS text message, sent to their registered email address or phone number. Both delivery methods are widely used and provide a convenient way for customers to access their accounts. However, in some cases, deliverability may be an issue, and users may accidentally request multiple OTPs. This can cause confusion about which one to use, as only the most recent OTP will be valid. Nevertheless, OTP is often still a reliable and efficient method.
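The server-side rules behind magic links and emailed or texted OTPs, as an added example that is not code from the article or from OwnID: a token expires after 15 minutes, a newer request invalidates the older one, and a token works only once. The names `LoginTokenStore`, `issue` and `redeem`, the in-memory dictionary and the five-attempt cap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

LINK_TTL_SECONDS = 15 * 60  # the 15-minute lifespan mentioned in the article

def _digest(token):
    return hashlib.sha256(token.encode()).digest()

class LoginTokenStore:
    """Hypothetical in-memory store; a real service would use a database."""

    def __init__(self, ttl=LINK_TTL_SECONDS, max_attempts=5):
        self.ttl, self.max_attempts = ttl, max_attempts
        self._pending = {}  # email -> [token_hash, expires_at, failed_attempts]

    def issue(self, email, now):
        """Create a token and overwrite any earlier one for this address."""
        token = secrets.token_urlsafe(32)  # unguessable value from the OS CSPRNG
        self._pending[email] = [_digest(token), now + self.ttl, 0]
        return token  # goes into the link or message; only the hash is stored

    def redeem(self, email, token, now):
        """Return True exactly once, for the newest unexpired token."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        token_hash, expires_at, _ = entry
        if now >= expires_at:
            del self._pending[email]
            return False
        if not hmac.compare_digest(token_hash, _digest(token)):  # constant time
            entry[2] += 1
            if entry[2] >= self.max_attempts:  # caps guessing of short codes
                del self._pending[email]
            return False
        del self._pending[email]  # single use: a replayed link fails
        return True

def demo():
    # Constructed scenario: the user requests a link twice, then clicks both.
    store = LoginTokenStore()
    first = store.issue("user@example.com", now=0)
    second = store.issue("user@example.com", now=60)
    return [
        store.redeem("user@example.com", first, now=90),    # superseded
        store.redeem("user@example.com", second, now=120),  # newest, in time
        store.redeem("user@example.com", second, now=130),  # already used
    ]
```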

4. Push Notifications

Many mobile users’ preferred method of no-password access is through push notifications. The app sends a push notification to a registered device so the user can open the app. The verification involves “something you have,” which is the device on which the app resides. The only constraint with this method is that the user is required to install the brand’s application on their mobile device in order to receive the push notification, which might prove to be difficult in the long run.

5. Authenticator Apps

Another option for passwordless authentication is the use of authenticator apps. These apps generate time-based one-time codes that can be used to log in to accounts. The user must have the app installed on their device, and the device must have internet access in order to receive the password. People usually use authenticator apps as a second-factor authentication mechanism.

Advice On Choosing The Right Passwordless Method

You will want to consider what passwordless login will work best for your customers. For example, if most of your traffic comes from mobile devices, consider using push notifications for logins. However, if your app or website asks users to share financial or other secure information, you may want to opt for multifactor authentication for an added security layer. The primary task for the business owner is to determine the right balance between what your customers will accept and what in that category will offer them the best protection.

Ensuring your customers get the best user experience (UX) from your website or app can be challenging. A smooth implementation may require extensive integration work, depending on your current identity management system. Third-party vendors may be able to help you save money while efficiently moving to passwordless authentication. Vendors dedicated to identity verification should be able to explain how they can protect your company from potential added liabilities of security threats. And, just as importantly, they should be able to ensure that you and your users know your login system is as safe and easy to use as possible.

