Growth & Marketing
October 25, 2020
June 16, 2020
Growth & Marketing
October 25, 2020
June 16, 2020
Passwordless authentication is a rising trend in login and signup processes. Today, we analyze its rise, its advantages and the methods to implement it.
Online accounts have become a general standard to navigate and execute any action online. Going shopping, studying, working or managing your online identity require a personal account, that usually comes with password setting.
While the coupling of email plus password have reach a peak and became the general rule, most experts on security and authentication agree on one point: passwords are a thing of the past.
According to Swoop, 75 % of users abandon a site after a password reset and 30 % os users quit a payment process if it requires setting a password. We just have to think about our own experience as users: setting yet another password goes against all your UX efforts.
Password setting belong to the past, so start embracing passwordless authentication.
As an alternative to passwords, passwordless authentication presents several benefits that can't go unnoticed: frictionless setup, better conversion rates, reinforced security and cheaper maintenance are some of them.
One click is all it takes to be authenticated with all the security standards your business needs. When compared to passwords, passwordless authentication is the optimal user experience for the user: easy, fast, simple and secure.
Passwordless authentication provides a user-friendlier experience. A smoother passwordless login system ensures completion of signups and payments.
Passwords come along obsolete aspects, such as passwords databases. Eliminating them neutralizes chances of theft or security breaches. Even when the security of the databases is optimal, passwords tend to be predictable and to be repeated, due to redundant authentication with passwords.
A collateral damage of password setting is managing and restoring all those forgotten passwords. According to a research carried out by Forrester Research, big companies save up to 1 million dollars on password management.
Passwordless login or signup can be executed with authentication systems such as a one-time passwords or magic links. Both can be sent to the user via email, notification, or SMS.
One-time passwords (OTPs) are unique codes, linked to a particular user, and only valid for a certain amount of time. OTPs are sent to the user to their email or phone and they allow authentication when the user enters the code correctly.
It is frequent to see OTPs working in multi-factor authentication systems, as a complement to passwords. Still, they can be used as the only authentication method so your users can forget about password setting.
Magic links are authenticated URLs, containing tokens that verify and authenticate users, just y clicking it. They can be sent to users via phone (SMS or notification) or via email.
Just like one-time passwords, they can be used as a standalone authentication factor or as a part of a multi-factor auth system.
Build passwordless login or signup with Arengu is an easy and intuitive process and you can do it without coding.
First, use the Forms editor to create the visible part of the passwordless form. Use the drag-and-drop editor to add the fields you need. You can divide them into different steps, if you wish. Once you're done, you start building the logic behind your form, that will include your preferred passwordless connection method.
To grant access to your users with one-time passwords, go to Flows and add the Generate one-time password action. This action will generate a unique code that you must link to a reference (the user's email or phone, in this case).
You can send the OTP via email by using the native actions (SendGrid or MailJet) on the Flows editor. If you want to use a different email sender, you can build an HTTP request instead. OTPs can also be sent to the user's phone. To do so, choose one of the native actions (such as Twilio or Telegram) or build your own to use your own SMS provider with an HTTP request.
To add magic links to your signup processes, go to the Flows section. There your can add actions and interconnect them to create your form's behaviour.
In this example, you can see there is an email verification action that filters spam accounts and bots, to ensure a better quality of users. After the email is verified, an authentication token is generated and sent to the user's email.
To generate an auth token, you'll have to build an HTTP request calling your preferred API.
Just like it happens with the OTP sending actions, you can either choose a native action to send it via email or phone, or build your own with an HTTP request.
Remember you have to connect your flows with your forms. Go to Forms > Flows, and add the flows to the stage you prefer.
One-time passwords and magic links are not the only methods to implement passwordless connection on your forms. Do you run a WordPress site? Learn how to create a passwordless login for WordPress. Arengu allows a complete personalization of the logic behind your forms. With a little help from your development team, you can add HTTP requests and build anything you can imagine.
Do you feel like giving Arengu a try? Sign up for free and start building your own passwordless authentication systems for your forms.