What is login without password? Is it really safe?

Password is very important for Internet security. But with so many services, both online and offline, password monitoring is difficult. The login system without a password is starting to appear, eliminating the need to enter a password every time a user logs in to a service.

But if you don't use a password, how do you secure your account? Login does not need a password and what are they safe? Let's find out with TipsMake.com through the following article!

What is login without password?

Login without a password is an authentication system that uses alternatives to the password, then allows access to the account. For example, instead of a password, you receive an email notification, which acts as a login token. In addition, you can get a pop-up on the smartphone, allowing control of access to the account.

In particular, login without password often uses an authentication form available to ensure the identity of the user.

You may already know the login feature without a password with your Gmail account. Instead of having to enter a password every time you log in, Google can send reminders directly to the phone. The prompt displays the time and place of the login, with the option to approve or refuse to log in.

The login system does not need a password to work like?

When logging into a website, you must provide a password to unlock the account. Only you and the website know what the password is, so your account is secure. You trust the site will securely store passwords and the site itself is not vulnerable to attack.

Also, make sure you have used strong passwords for each site and service, as that is the safest measure.

However, this is not simple. Creating a strong one-time password for each site makes many users 'frustrated' so they often put a memorable password.

With authentication without a password, you don't have to trust the site just by relying on a password. Instead of entering a password each time, log in without a password using several different authentication methods.

Authentication methods do not need a password

Authentication does not need email-based passwords

The login system without the most popular password is now via email. Many users will find the email-based password-free login feature (the most familiar system) works similarly when resetting passwords.

When trying to login, you must provide an email address. The service sends a secure email to the address associated with the account. The email contains a one-time security link to log into the service account. This link includes the unique login token that the service verifies, converting it to an authentication token for a long time.

There are other variations on the email system. For example, in the case of an existing account, the service can send users a DKIM key to use once, attached to their account details. The user receives the DKIM code and enters it into the website. The site verifies the code based on the existing user details and completes the login process.

Login does not need an SMS-based password

In this case, the user enters a valid phone number. The service sends a one-time code to the entered phone number. After that, users can log in to the service. In addition, some services provide users with the 'robo-call' feature, in which text-to-speech service will read the code directly to the user.

However, SMS security should be carefully reviewed. The vast majority of us have little to worry about. But some individuals, especially those with large amounts of electronic money, have been attacked to swap SMS sim.

Login does not need biometric-based passwords

Some login methods do not need a password using the biometric scan service to authenticate the user's identity. Biometric authentication services are being introduced on more devices than ever before.

The idea is that when you want to access a website, a prompt will appear on your smartphone. You unlock your smartphone using the usual biometric system and unlocking serves to verify your identity.

However, in addition to Apple's Face ID (for third-generation iPhone X, iPad Pro devices and 7th-generation iPod Touch, as well as later products), biometric scanning on the device Mobile is not completely secure.

Using a photo is possible to 'beat' the hardware scanning faces of many manufacturers. Apple's Face ID is slightly better: Need a 3D human head model, color printing can take it down. In other cases, the fingerprint scanner allows identification based on part of fingerprint data to unlock the device.

At the present time, a login system without a biometric password is probably not the best option. However, in the future, things may change.

Login does not need a password based on the physical key

The physical security key provides a login authentication option without a password. A physical security key is a special USB security key. When you want to access your account, you must plug the security key into your computer. The online service will authenticate the account through a security key, eliminating the need for a password.

Typical examples of physical security keys include Google's Titan series and Yubico's Yubikey series.

Login without a password is the same as two-factor authentication?

These two processes are both similar and different. Login does not need a password similar to two-factor authentication (2FA) in that you access your account using an alternative authentication method. 2FA works by securing user accounts with two separate elements, usually a password and a separate device.

They are not the same, although you are using a separate device to authenticate your account when using the login feature without a password and that is the only factor.

Login without password security?

Anything that prevents users from creating bad passwords is good, right? Logging in without a password has helped remove a weakness from the end user. At the present time, login without password is not very common. Some of the main services, such as Gmail (as mentioned above) and Slack Magic Links, are using them.

The most positive point for website owners and moderators is that there is no need to handle user passwords anymore. Unencrypted passwords stored in a text file are clearly 'nightmares' (something that hackers wait for). Users who rarely access a service will no longer have to reset the password.

Logging in without a password can also help users log into the service quickly. Conversely, if you frequently log out of the service, having to re-authorize via email or SMS may become annoying.

Right now, use the password manager!

Logging in without a password will take some time to become more popular. Most major browsers (except Safari) support login without a password one way or another. In February 2019, Google also announced that devices running Android 7 (Android Nougat) and above will also receive login support without a password.

That means that login support without a password has appeared on nearly 50% of Android devices. And login standards without passwords like FIDO2 and WebAuthn will continue to receive updates, which are useful for securing authentication methods.

At the time of writing, you still need a password. Therefore, consider using a reliable password manager!