Today, we’re introducing a password-based authentication solution, rebooted for the modern era.
Stytch was founded with the mission of eliminating friction on the internet. Authentication today is a frustrating experience for both developers and users and we set out to fix that. We’ve reimagined what password-based authentication can look like and believe that introducing Passwords will bring us closer to a passwordless future. In this post, we share more on why we’re launching support for Passwords and how we’ve innovated from the ground up to uplevel security and user experience.
Bridging to a passwordless future
The first major source of friction we've attacked at Stytch is password-based authentication, given the UX hurdles involved as well as the security issues it can create.
Over the past two years, we’ve created a suite of passwordless authentication solutions to serve as the infrastructure layer for a passwordless future. Passwordless authentication is more secure, more seamless, and it drives better conversion. We strongly believe that building an all-in-one authentication platform that is passwordless-first is the best path towards our vision of a frictionless internet for both developers and end users.
At the same time, we’ve also spoken with hundreds of companies of varying sizes and at different stages of growth — we’ve come to realize that not every company and customer base is ready to flip the switch and go 100% passwordless today. The username/password paradigm is still heavily entrenched in the way many end users currently engage with applications.
Research shows that while a full 92% of businesses believe going passwordless is the future for their organization, many are not ready to make the leap to a fully-passwordless authentication flow. A full 85% of IT and security professionals don’t think passwords are going away completely.
As a leader in authentication, Stytch’s job isn’t just to point the way forward but to acknowledge barriers to entry and help resolve them. That’s why we’re launching a password-based solution to meet more customers and end users where they are now and help ease them into a passwordless future.
Instead of ignoring the present state, Stytch believes that the best path forward is to meet companies and people where they are and guide them along the adoption curve towards passwordless.
Modernizing passwords
The design of password authentication really hasn’t changed much over the past few decades. We knew that if Stytch was going to take the plunge into passwords, we’d need to design a fresh and modern solution to elevate both security and user experience.
To support our customers and ensure users are given a low-friction yet secure experience, we've completely reimagined password-based authentication from the ground up.
Stytch has built four key innovations into our Passwords solution:
- Breach detection: password reuse opens the possibility of credential stuffing attacks. Stytch integrates with HaveIBeenPwnd and prevents users from setting passwords that are present in their dataset of nearly 12 billion compromised credentials. Every time someone logs in with a password, Stytch checks HaveIBeenPwnd to see if those credentials have been compromised since last authentication and triggers a password reset if a breach is detected.
- Strength assessment: in the face of password overload, users default to using easy-to-guess passwords. Stytch uses Dropbox’s zxcvbn password strength estimator, which provides a flexible strength assessment based on how resistant a password is to modern password guessing techniques. This feature is designed to make picking a strong password easy for humans to generate and hard for robots to guess.
- Safe account de-duplicating: Stytch de-duplicates accounts by email regardless of the authentication method. This allows users to change which authentication option they are using to log in to an app without accidentally creating a new account (e.g. a password user can switch to sign in via Google OAuth) or being forced to re-authenticate with the same method originally used.
- More human-centric password reset: when an end user triggers a password reset, most of the time they really just want to access their account, not change their password. With Stytch, customers have the option to integrate a traditional password-reset email OR integrate a password reset powered by Email Magic Links for a more seamless experience. We’re building our password-reset email template to be more human-centric, focusing more on UX and conversions than traditional password-reset flows.
Get started with Stytch
Stytch is committed to helping your company on its journey to passwordless authentication, no matter what stage of the adoption curve you’re in today. Our platform is modularly designed, which means it's easy to get started with low-effort, high-impact products that layer on to password-based flows and build holistically and sequentially from there.
You can learn more about our Passwords solution and discover our full suite of authentication products at Stytch.com. You can also read more about why passwordless authentication matters — or sign up for a free account and jump straight into our docs.
Share
