Posts

Showing posts from July, 2020
# Passwordless Authentication There are some things that need to be considered before adopting a passwordless authentication process for your system. Passwordless comes with some good points and with some potential downsides. First though ... # What is passwordless authentication Passwordless authentication is a mechanism that enables users to log in without a set password by proving that they have access to something. Passwordless is often associated with a one use code or link sent to the user via email or SMS. There are other options that can include making use of the [WebAuthn](https://www.w3.org/TR/webauthn/) standard. This post focuses on the implementations using SMS and eamil. # Why is it good Simply put, because passwords are terrible. # What's wrong with passwords We as the greater collection of web users have done a bad job with managing our passwords. We forget them, we make them easy to guess by keeping them short and basing them off personal information. If …