The company that deleted all passwords

The company that deleted all passwords

American software company Stytch, which has long promoted the elimination of passwords, has announced a new authentication system "built for the modern era". The idea of ​​this new solution, which still uses passwords but is cloud-based, is to offer companies a way to eliminate them from their authentication systems gradually rather than suddenly. According to the statement with which Stytch announces this new solution, "not all companies are ready to move to a world without passwords", but as many as 92% of companies have plans to do so in the near future.

Although they are designed to guarantee security for users, passwords are in fact considered inefficient and risky for the security of users, so much so that important companies such as Microsoft, Google and Apple are increasingly relying on biometric solutions to authenticate users. users. In particular, Stynch identifies four problems related to today's typical use of passwords, which the system just presented solves.

The first is the tendency that many of us have of using the same password for different accounts. Obviously, although it is extremely convenient and for many the only way to remember the password for all their accounts, having the same key for different services is extremely risky. With the solution proposed by Stytch, each password proposed by the user is controlled through a database containing 12 billion passwords considered "compromised". If a match is found, the user is prompted to change.

Another essential issue for security is the complexity of the chosen password, which tends to be rather minimal when the user can choose without restrictions. Stytch intends to use Dropbox's zxcvbn password strength estimator, which is believed to be among the best on the market.

Finally, passwords are considered inefficient. On the one hand, we have so many that we often do not remember if we have logged in via Facebook, Google or email and when in doubt we tend to duplicate our account, which Stytch intends to prevent. On the other hand, when we do not remember a password, we are forced to reset it, a process that is often long, inefficient and in the long run quite useless. Stynch intends to eliminate the concept of password reset by offering alternative authentication methods, via email or mobile.

Stytch CEO Reed McGinley-Stempel explains that the company has always viewed passwords negatively, but that while waiting to arrive at a world where companies will be able to implement authentication systems that do not use them, we might as well modernize the system to maximize security. According to IronVest security company CEO Avi Turgeman, the paradox is that "passwords should be deleted for security reasons, but they will be deleted for convenience." The future, however, is passwordless.