Many services and applications had begun to apply passwordless authentication, an authentication method that dismisses the use of passwords. The importance of Passwordless authentication has been increasing rapidly in this recent years. Hence, the hype that revolves around passwordless authentication had brought many opinions on the method, in which some may be misinterpreted. This post aims to provide clarity on passwordless authentication specifically on how does Passwordless authentication work?
In order to discuss how does passwordless authentication work, let’s first get to know the type of passwordless authentication. Basically, any form of authentication that does not involve the use of password is classified as passwordless authentication. Nevertheless, the commonly used passwordless authentication include SMS-based, email-based and biometrics.
SMS-based involves users providing phone number to request for unique code to gain access to services and applications.
Email-based involves users providing email address to request for magic link or unique code to gain access to services and applications.
Biometrics involves the use of fingerprint scanning, iris scanning, or facial and voice recognition for access to services and applications.
At its core, passwordless authentication is a three-way interaction process between user, service provider and identity provider. So what happen when a user try to access an application or services using passwordless authentication?
Basically, when an attempts is made to access a service, the user need to provide information to the identity provider for authentication (In case of passwordless authentication – the types of passwordless authentication that we previously discuss). User will then request for access, and through authentication by the identity provider, security token will be generated and provided to the service provider. This security token which carries the identity of the user allows the service provider to provide appropriate access to the requester.
While the passwordless authentication seem like a complex process, it actually helps simplify IT operations. Users are no longer needed to key in passwords for credential, spend time and cost on password managers and most importantly it helps enhance security.
E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel. Feel free to contact E-SPIN for your project requirement and inquiry.
Other post you may be interested in:
1. Passwordless Authentication-is it the end for password era?
2. What is Passwordless Authentication ?
