Passwords are horrible and no one knows how to fix the problem. There are too many of them, all the rules are different and few of us are memory champions.
For a while it seemed like biometric devices like fingerprint dongles would be the answer. Until they lost favour with security experts, and devices like the JAR spectacularly failed to get any traction.
But the move away from passwords may finally be taking place. Earlier this year, a subtle shift in the way you log into Google revived hope of a move towards alternate methods of authentication.
And now Auth0, a company you’ve never heard of but runs the log-in process for more than 20,000 app and service developers, is rolling out a new way to log on.
“If you happen to have an email address that you know how to connect to because you go there all the time, or you have a phone that can receive SMS, that is sufficient for many websites or applications to authenticate you,” Gianpaolo Carraro, Auth0 Country GM – ANZ and Asia told Business Insider.
In a similar way to how a user can sign up and log in to messaging service WhatsApp, Auth0 is creating the ability to log in to apps and services using a code delivered to a phone or an email address.
“[The app’s] gonna come and say hey, the first time you sign up give me a phone number, which is a unique identifier, and I will send you a code to make sure you are the owner of that phone,” explains Carraro
“A week later you come back, instead of asking you to put your username and password, I’m gonna ask you ‘Hey, what’s your phone number?’, you’re gonna put it in, and I’m gonna send you a new code and if you prove that you are still in possession of that phone number I’m gonna let you in.”
Carraro insists that this new system won’t introduce any new weak links. If someone has hacked your email address or your phone, they can access your accounts whether Auth0’s system is present or not.
Developers can already start playing with the new system on Github. Hopefully, for the rest of us, it starts to catch on.