Passwordless authentication is a rising trend in login and signup processes. Today, we analyze its rise, its advantages and the methods to implement it.
"Passwords are so 2008"
Online accounts have become a general standard to navigate and execute any action online. Going shopping, studying, working or managing your online identity require a personal account, that usually comes with password setting.
While the coupling of email plus password have reach a peak and became the general rule, most experts on security and authentication agree on one point: passwords are a thing of the past.
According to Swoop, 75 % of users abandon a site after a password reset and 30 % os users quit a payment process if it requires setting a password. We just have to think about our own experience as users: setting yet another password goes against all your UX efforts.
Password setting belong to the past, so start embracing passwordless authentication.
4 advantages of a passwordless login or signup
As an alternative to passwords, passwordless authentication presents several benefits that can't go unnoticed: frictionless setup, better conversion rates, reinforced security and cheaper maintenance are some of them.
1. Frictionless signup process
One click is all it takes to be authenticated with all the security standards your business needs. When compared to passwords, passwordless authentication is the optimal user experience for the user: easy, fast, simple and secure.
2. Increase conversion rates on forms
Passwordless authentication provides a user-friendlier experience. A smoother passwordless login system ensures completion of signups and payments.
3. Reinforced security
Passwords come along obsolete aspects, such as passwords databases. Eliminating them neutralizes chances of theft or security breaches. Even when the security of the databases is optimal, passwords tend to be predictable and to be repeated, due to redundant authentication with passwords.
4. Reduced costs and maintenance
A collateral damage of password setting is managing and restoring all those forgotten passwords. According to a research carried out by Forrester Research, big companies save up to 1 million dollars on password management.
How to implement a passwordless login in your forms
Passwordless login or signup can be executed with authentication systems such as a one-time passwords or magic links. Both can be sent to the user via email, notification, or SMS.
Passwordless authentication with one-time passwords
One-time passwords (OTPs) are unique codes, linked to a particular user, and only valid for a certain amount of time. OTPs are sent to the user to their email or phone and they allow authentication when the user enters the code correctly.
It is frequent to see OTPs working in multi-factor authentication systems, as a complement to passwords. Still, they can be used as the only authentication method so your users can forget about password setting.
Passwordless authentication with magic links
Magic links are authenticated URLs, containing tokens that verify and authenticate users, just y clicking it. They can be sent to users via phone (SMS or notification) or via email.
Just like one-time passwords, they can be used as a standalone authentication factor or as a part of a multi-factor auth system.
Implementing passwordless connections with Arengu
Build passwordless login or signup with Arengu is an easy and intuitive process and you can do it without coding.
First, use the Forms editor to create the visible part of the passwordless form. Use the drag-and-drop editor to add the fields you need. You can divide them into different steps, if you wish. Once you're done, you start building the logic behind your form, that will include your preferred passwordless connection method.
How to implement passwordless OTPs with Arengu
To grant access to your users with one-time passwords, go to Flows and add the Generate one-time password action. This action will generate a unique code that you must link to a reference (the user's email or phone, in this case).
You can send the OTP via email by using the native actions (SendGrid or MailJet) on the Flows editor. If you want to use a different email sender, you can build an HTTP request instead. OTPs can also be sent to the user's phone. To do so, choose one of the native actions (such as Twilio or Telegram) or build your own to use your own SMS provider with an HTTP request.
How to implement magic links with Arengu
To add magic links to your signup processes, go to the Flows section. There your can add actions and interconnect them to create your form's behaviour.
In this example, you can see there is an email verification action that filters spam accounts and bots, to ensure a better quality of users. After the email is verified, an authentication token is generated and sent to the user's email.
To generate an auth token, you'll have to build an HTTP request calling your preferred API.
Just like it happens with the OTP sending actions, you can either choose a native action to send it via email or phone, or build your own with an HTTP request.
Remember you have to connect your flows with your forms. Go to Forms > Flows, and add the flows to the stage you prefer.
Other types of passwordless authentication with Arengu
One-time passwords and magic links are not the only methods to implement passwordless connection on your forms. Do you run a WordPress site? Learn how to create a passwordless login for WordPress. Arengu allows a complete personalization of the logic behind your forms. With a little help from your development team, you can add HTTP requests and build anything you can imagine.
Do you feel like giving Arengu a try? Sign up for free and start building your own passwordless authentication systems for your forms.