Passwordless authentication: Advantages and methods to start using it

Introduction
Passwordless authentication: Advantages and methods to start using it

Passwordless authentication is a rising trend in login and signup processes. Today, we analyze its rise, its advantages and the methods to implement it.

"Passwords are so 2008"

Online accounts have become a general standard to navigate and execute any action online. Going shopping, studying, working or managing your online identity require a personal account, that usually comes with password setting.

While the coupling of email plus password have reach a peak and became the general rule, most experts on security and authentication agree on one point: passwords are a thing of the past.

According to Swoop, 75 % of users abandon a site after a password reset and 30 % os users quit a payment process if it requires setting a password. We just have to think about our own experience as users: setting yet another password goes against all your UX efforts.

Password setting belong to the past, so start embracing passwordless authentication.

Advantages of a passwordless login or signup

As an alternative to passwords, passwordless authentication presents several benefits that can't go unnoticed: frictionless setup, better conversion rates, reinforced security and cheaper maintenance are some of them.

Frictionless signup process

One click is all it takes to be authenticated with all the security standards your business needs.

Increase conversion rates on forms

Passwordless authentication provides a user-friendlier experience. A smoother passwordless login system ensures completion of signups and payments.

Reinforced security

Passwords come along obsolete aspects, such as passwords databases. Eliminating them neutralizes chances of theft or security breaches. Even when the security of the databases is optimal, passwords tend to be predictable and to be repeated, due to redundant authentication with passwords.

Reduced costs and maintenance

A collateral damage of password setting is managing and restoring all those forgotten passwords. According to a research carried out by Forrester Research, big companies save up to 1 million dollars on password management.

How to implement a passwordless login in your forms

Passwordless login or signup can be executed with authentication systems such as a one-time passwords or magic links. Both can be sent to the user via email, notification, or SMS.

Passwordless authentication with one-time passwords

One-time passwords (OTPs) are unique codes, linked to a particular user, and only valid for a certain amount of time. OTPs are sent to the user to their email or phone and they allow authentication when the user enters the code correctly.

It is frequent to see OTPs working in multi-factor authentication systems, as a complement to passwords. Still, they can be used as the only authentication method so your users can forget about password setting.

Magic links are authenticated URLs, containing tokens that verify and authenticate users, just y clicking it. They can be sent to users via phone (SMS or notification) or via email.

Slack's signup processes requires only an email address. Then, a magic link will be sent to grant access to the user's workspaces.

Just like one-time passwords, they can be used as a standalone authentication factor or as a part of a multi-factor auth system.

Implementing passwordless connections with Arengu

Build passwordless login or signup with Arengu is an easy and intuitive process and you can do it without coding.

First, use the Forms editor to create the visible part of the passwordless form. Use the drag-and-drop editor to add the fields you need. You can divide them into different steps, if you wish. Once you're done, you start building the logic behind your form, that will include your preferred passwordless connection method.

How to implement passwordless OTPs with Arengu

To grant access to your users with one-time passwords, go to Flows and add the Generate one-time password action. This action will generate a unique code that you must link to a reference (the user's email or phone, in this case).

You can send the OTP via email by using the native actions (SendGrid or MailJet) on the Flows editor. If you want to use a different email sender, you can build an HTTP request instead. OTPs can also be sent to the user's phone. To do so, choose one of the native actions (such as Twilio or Telegram) or build your own to use your own SMS provider with an HTTP request.

To add magic links to your signup processes, go to the Flows section. There your can add actions and interconnect them to create your form's behaviour.

In this example, you can see there is an email verification action that filters spam accounts and bots, to ensure a better quality of users. After the email is verified, an authentication token is generated and sent to the user's email.

To generate an auth token, you'll have to build an HTTP request calling your preferred API.

Just like it happens with the OTP sending actions, you can either choose a native action to send it via email or phone, or build your own with an HTTP request.

Remember you have to connect your flows with your forms. Go to Forms > Flows, and add the flows to the stage you prefer.

Other types of passwordless authentication with Arengu

One-time passwords and magic links are not the only methods to implement passwordless connection on your forms. Do you run a WordPress site? Learn how to create a passwordless login for WordPress. Arengu allows a complete personalization of the logic behind your forms. With a little help from your development team, you can add HTTP requests and build anything you can imagine.

Do you feel like giving Arengu a try? Sign up for free and start building your own passwordless authentication systems for your forms.

View Comments
Next Post

A guide on trending authentication and signup flows, for any tech stack

Previous Post

How we failed getting in top #5 on Product Hunt