Building the future of authentication

In the world of modern applications, the methods currently used to onboard, authenticate, and engage users are broken. They cause needless friction, leading to frustrated users, lower conversion rates, and stunted growth.

At Stytch, we’re on a mission to eliminate friction on the internet while improving security. We’re building solutions that reimagine user infrastructure, starting with out-of-the-box and customizable passwordless authentication products that are easy for engineering teams to integrate. With our flexible APIs and SDKs, Stytch customers can improve user conversion, retention, and security, all while saving valuable time.

Out with the old: the problem with passwords

By the end of this decade, online passwords will be a thing of the past. They’ll go the way of the fax machine—a quaint technology that’s long outlived its innovative purpose. Ultimately, this will be a welcome shift, improving developer and user experience and bolstering companies’ bottom lines by removing obstacles to conversion.

We aren’t waiting on a breakthrough to bring this prediction to life. Simple developer tooling built on existing technologies will make passwordless authentication ubiquitous, with Stytch leading the way. But before we lay out where we’re going, let’s take a look at where we’ve been.

In with the new: the evolution of passwordless auth

Since the internet exploded in the 1990s, major authentication shifts have marked each decade.

For instance:

  • In the 1990s, as the internet went mainstream, passwords were the dominant form of authentication.
  • In the 2000s, as users opened more and more accounts, password managers—which encrypt and store online login information—were introduced to help them handle this increasingly complex landscape.
  • In the 2010s, as online technologies advanced, alternative auth methods—often referred to as “two-factor authentication”—embedded low-friction, secure hardware (like biometrics and YubiKey) and software (like APIs for programmatic text and email) into the user experience.
  • In the 2020s, as we begin to embrace passwordless authentication, resourceful companies like Slack, Medium, and Square Cash are leading the charge. Stytch is making it easy for every company to build and integrate a delightful, passwordless user experience in hours rather than months.

Even with these developments, password overload is a ballooning issue. Surveys have found that the number of password-protected accounts per user has increased exponentially in recent years, in response to an explosion of new apps and online services.

One study found that between 2019 and 2020 alone—with people likely spending more time online due to the COVID-19 pandemic—the number of passwords per user jumped 25%, from an average of 70-80 to 100.

A recent poll also showed that most users don’t take advantage of existing password managers. As a result, 37% forget a password at least once a week, increasing the likelihood they’ll abandon a commercial account or leave a purchase incomplete.

The good news? Best-in-class teams are now pushing their companies to go fully passwordless.

This shift won’t be dominated by a single authentication method (like biometrics) but will consider the trade-offs between different options. 

For many companies—especially sensitive fintech apps like Square Cash, Revolut, or Monzo—requiring multiple passwordless verification methods for increased security is becoming the norm.

Needless friction

Considering this progress, the shift to passwordless authentication feels inevitable. Still, skeptical companies may be reluctant to abandon authentication solutions they’re familiar with. A common mistake in recent years has been treating alternative auth methods as second-factor, rather than primary-factor, candidates.

Most companies are unaware that they already have passwordless flows in place, and they’ve needlessly complicated these processes for users. Whenever a customer passes through a site’s password reset protocol, they’re essentially experiencing passwordless authentication.

But instead of a seamless email login link (or a “magic link”), they’re seeing something like this:

Step 1: User forgets password.
Step 2: User clicks “Forgot password?” link.
Step 3: User enters email and requests password reset flow.
Step 4: User opens inbox and clicks the password reset link.
Step 5: User creates a new password with a set of 10 complicated rules.
Step 6: User confirms new password with 10 complicated rules.
Step 7: User is redirected to the original login page.
Step 8: User enters username and new, complicated password.

In this case, for a simple email verification, a user must navigate eight increasingly complex steps—all to set up a new, convoluted password they will likely forget in a couple of days. 

Updating tiresome login flows to newer methods like email magic links or SMS logins is just one glimpse into passwordless possibilities that will significantly boost user experience and conversion.

A better path forward

Password-dependent authentication methods are problematic for stakeholders across the board.

  • For developers building out these flows, it’s a time-consuming and error-filled process that can involve multiple engineers and many months of maintenance annually.
  • For consumers using these flows, login information piles up as they open new accounts, yielding more and more passwords they’ll forget.
  • For businesses relying on these flows, unnecessary friction increases customer acquisition costs and reduces users’ lifetime value.

Passwordless authentication platforms—like those being offered by Stytch—solve these issues with flexible APIs and SDKs that save valuable engineering time and improve an end user’s experience.

By making it simple and affordable for developers to integrate best-in-class authentication options, these solutions transform the above challenges into key benefits.

  • For developers, going passwordless saves significant resources and removes the burden of dealing with app security.
  • For consumers, going passwordless makes logging in easier, faster, and more secure while erasing the headache of memorizing or tracking passwords across accounts.
  • For businesses, going passwordless improves both user onboarding conversion and user retention over time.