A modern, human-centric approach to a deceptively complicated authentication method.
Passwords and the techniques that protect them, such as hashing and salting, have been around for decades. We've built on top of that, giving the password some modern upgrades that not only improve security and the end-user experience but also act as the bridge to passwordless.
65% of people reuse passwords for some or all accounts¹, making them vulnerable to credential stuffing and password spraying attacks. It doesn't matter how strong your password hash is if a bad actor simply knows the underlying password. Stytch integrates with HaveIBeenPwned and prevents users from setting passwords that appear in its breach dataset of nearly 12 billion compromised credentials.
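The kind of breach check described above, as an added example that is not Stytch's code: it assumes the public Pwned Passwords range API (`https://api.pwnedpasswords.com/range/<prefix>`), where only the first five hex characters of the SHA-1 digest leave the server and the match is done locally. The fetcher, function names and counts are constructed so the block runs offline.

```python
import hashlib

def sha1_parts(password):
    """Return (5-char prefix sent to the API, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range_body(body):
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed ones."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 35 or not count.isdigit():
            continue
        counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in the dataset; fetch_range(prefix) returns the body."""
    prefix, suffix = sha1_parts(password)
    # Padded responses carry decoy suffixes with a count of 0, so a hit with
    # count 0 must be treated the same as no hit.
    return parse_range_body(fetch_range(prefix)).get(suffix, 0)

def may_set_password(password, fetch_range):
    """Policy decision: reject any password seen in a breach at least once."""
    return breach_count(password, fetch_range) == 0

def constructed_fetch(prefix):
    """Offline stand-in for the HTTP GET. All suffixes and counts are constructed."""
    lines = ["0" * 35 + ":3", "not a valid line"]
    hit_prefix, hit_suffix = sha1_parts("P@ssword1")
    pad_prefix, pad_suffix = sha1_parts("uncorrelateddemon")
    if prefix == hit_prefix:
        lines.append(f"{hit_suffix}:4242")   # constructed breach count
    if prefix == pad_prefix:
        lines.append(f"{pad_suffix}:0")      # constructed padding entry
    return "\r\n".join(lines)

if __name__ == "__main__":
    for candidate in ("P@ssword1", "uncorrelateddemon"):
        verdict = "allowed" if may_set_password(candidate, constructed_fetch) else "rejected"
        print(f"{candidate}: {verdict}")
```

In a real deployment `fetch_range` would perform the HTTPS request, and a failed lookup needs an explicit fail-open or fail-closed decision rather than being treated as a count of 0.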
Stytch uses Dropbox's zxcvbn password strength estimator², which protects against easily guessed passwords that pass the typical requirements (e.g. P@ssword1) while still allowing passphrases that can be memorized by humans but are difficult for computers to guess (e.g. uncorrelateddemon). It's a simple way for our customers to adhere more closely to the NIST password guidelines automatically.
When a user initiates a forgot-password flow, Stytch offers the user the option to skip the reset and just log in via Magic Link, or to both reset and log in. When these flows are triggered, users often just want to access their account, not actually change their password.
Stytch not only deduplicates accounts by email, regardless of authentication method, but also does so safely to prevent pre-account hijacking. Other companies simply don't support deduplication, or do so in a way that exposes users to account takeover attacks.