Passwordless Authentication

Security is of utmost importance at HyperLinq

Big Problem

Both HyperLinq and our customers agree that we need to log-in safely. For users, it’s important that they trust the login of our apps because they are handing over sensitive information. For HyperLinq, keeping that information safe is of the utmost importance.

So when it comes to a new way of login, skepticism is natural. Is it really safe to have no password? In the case of passwordless authentication, that reaction is particularly strong, because we are so used to our old ways of using login id and password.

Problem is –

  • more than 73% of people use the same password across multiple websites and apps. 54% of people use 5 or fewer passwords across their entire online life. on average 6 unique passwords are used to guard 24 online accounts.

  • These statistics do not necessarily mean that HyperLinq customers fall into one of these categories. But we need to be cautious.

So big question is why do we use weak or the same passwords across the apps. The answer is very simple, it is incredibly hard to remember multiple passwords. This alone drives so many risky behaviors like –

  • reusing the same password

  • writing passwords on paper

  • keeping passwords in a file on a computer connected to the Internet

  • use a password manager

Only 40% of users change their passwords twice a year.

Is passwordless secure?

Passwordless authentication eliminates the problem of using an unsafe password. This means that one of the biggest user errors is taken out of your login.

Although username + password is currently the most familiar login method, it is by no means the gold standard. Yes, much of this rests on the way that users behave. Unfortunately, humans simply aren’t built to remember and use different secure passwords.

One of the biggest skepticisms around passwordless authentication is the idea that using a channel like an email to send a code or link can be unsafe because it can be compromised. This is a legitimate concern, but a compromised email account could also be used to “reset” a password, and therefore this concern presents no additional risk for the passwordless method over username + password login.

Passwordless authentication, then, is becoming an increasingly relevant option for login. Users are connected to more devices and have more accounts than ever, which means that the passwordless approach is only growing more convenient for users. Sometimes it’s also the case that you have to save the user from themselves — and for that, passwordless is a clear winner.

What about two-factor authentication?

Passwordless authentication can also have the added benefit of two devices required for login. If you are authenticating with Google authenticator, for example, you would need the device paired with the account in order to access that account.

Of course, it is possible for devices to be stolen, but it makes malicious logins more difficult. Requiring two devices for login is part of multi-factor, which is the most secure login option.

For this very reason, we have implemented Multi-Factor Authentication.