Passwordless authentication

In most common implementations users are asked to enter their public identifier (username, phone number, email address etc.)

"[3] Eric Grosse, VP of security engineering at Google, states that "passwords and simple bearer tokens, such as cookies, are no longer sufficient to keep users safe.

Bonneau et al. systematically compared web passwords to 35 competing authentication schemes in terms of their usability, deployability, and security.

The authors conclude with the following observation: “Marginal gains are often not sufficient to reach the activation energy necessary to overcome significant transition costs, which may provide the best explanation of why we are likely to live considerably longer before seeing the funeral procession for passwords arrive at the cemetery.” Recent technological advancements (e.g. the proliferation of biometric devices and smartphones) and changing business culture (acceptance of biometrics and decentralized workforce for example) is continuously promoting the adoption of passwordless authentication.

Leading tech companies (Microsoft,[9] Google[10]) and industry wide initiatives are developing better architectures and practices to bring it to wider use, with many taking a cautious approach, keeping passwords behind the scenes in some use cases.

Example of passwordless authentication with a passkey ( Pixiv with Bitwarden )