All about auth
July 12, 2021
In the world of modern applications, the methods currently used to onboard, authenticate, and engage users are broken. They cause needless friction, leading to frustrated users, lower conversion rates, and stunted growth.
At Stytch, we’re on a mission to eliminate friction on the internet while improving security. We’re building solutions that reimagine user infrastructure, starting with out-of-the-box and customizable passwordless authentication products that are easy for engineering teams to integrate. With our flexible APIs and SDKs, Stytch customers can improve user conversion, retention, and security, all while saving valuable time.
By the end of this decade, online passwords will be a thing of the past. They’ll go the way of the fax machine—a quaint technology that’s long outlived its innovative purpose. Ultimately, this will be a welcome shift, improving developer and user experience and bolstering companies’ bottom lines by removing obstacles to conversion.
We aren’t waiting on a breakthrough to bring this prediction to life. Simple developer tooling built on existing technologies will make passwordless authentication ubiquitous, with Stytch leading the way. But before we lay out where we’re going, let’s take a look at where we’ve been.
Since the internet exploded in the 1990s, major authentication shifts have marked each decade.
Even with these developments, password overload is a ballooning issue. Surveys have found that the number of password-protected accounts per user has increased exponentially in recent years, in response to an explosion of new apps and online services.
One study found that between 2019 and 2020 alone—with people likely spending more time online due to the COVID-19 pandemic—the number of passwords per user jumped 25%, from an average of 70-80 to 100.
A recent poll also showed that most users don’t take advantage of existing password managers. As a result, 37% forget a password at least once a week, increasing the likelihood they’ll abandon a commercial account or leave a purchase incomplete.
The good news? Best-in-class teams are now pushing their companies to go fully passwordless.
This shift won’t be dominated by a single authentication method (like biometrics) but will consider the trade-offs between different options.
For many companies—especially sensitive fintech apps like Square Cash, Revolut, or Monzo— requiring multiple passwordless verification methods for increased security is becoming the norm.
Considering this progress, the shift to passwordless authentication feels inevitable. Still, skeptical companies may be reluctant to abandon authentication solutions they’re familiar with. A common mistake in recent years has been treating alternative auth methods as second-factor, rather than primary-factor, candidates.
Most companies are unaware that they already have passwordless flows in place, and they’ve needlessly complicated these processes for users. Whenever a customer passes through a site’s password reset protocol, they’re essentially experiencing passwordless authentication.
But instead of a seamless email login link (or a “magic link”), they’re seeing something like this:
Step 1: User forgets password.
Step 2: User clicks “Forgot password?” link.
Step 3: User enters email and requests password reset flow.
Step 4: User opens inbox and clicks the password reset link.
Step 5: User creates a new password with a set of 10 complicated rules.
Step 6: User confirms new password with 10 complicated rules.
Step 7: User is redirected to the original login page.
Step 8: User enters username and new, complicated password.
In this case, for a simple email verification, a user must navigate eight increasingly complex steps—all to set up a new, convoluted password they will likely forget in a couple of days.
Updating tiresome login flows to newer methods like email magic links or SMS logins is just one glimpse into passwordless possibilities that will significantly boost user experience and conversion.
Password-dependent authentication methods are problematic for stakeholders across the board.
Passwordless authentication platforms—like those being offered by Stytch—solve these issues with flexible APIs and SDKs that save valuable engineering time and improve an end user’s experience.
By making it simple and affordable for developers to integrate best-in-class authentication options, these solutions transform the above challenges into key benefits.
Keep up to date with Stytch’s new products and features through our Changelog. Jump into our Docs to learn more about our flexible, frictionless authentication solutions—or sign up for a free account to try them out for yourself. Click here to get started.