Over the years, passwords have been our safeguards by acting to prevent one's data from unauthorized access. With the advancement of technologies, the way we have been using passwords has changed and transformed into much secure yet more user friendly than they were ever been in the past. However, the vulnerabilities identified and observed in this traditional system has motivated industry and researchers to find some alternate where there is no threat like stealing, hacking, and cracking of password. This chapter discusses the major developed password-less authentication techniques in detail and also puts an effort to explain the in-depth details along with the working principle of each of the technique through a use-case diagram. It would be of great benefit and contribution to the callow trying to explore research opportunities in this area.
TopIntroduction
Over the years, passwords have been stolen, cracked and hacked. Fraudulent agencies can buy user information and credentials online on social media sites. Many cases have been seen worldwide like Facebook data leak, Yahoo Security Breach, LinkedIn Data Breach, DropBox User Accounts leak etc. Another reason could be to increase in the variety of applications and platforms that could force the user to remember more and more passwords (Cortopassi, M., Edward, E., 2013). As technology and its users keep on increasing with the demand-branding, publicity and efficiency of the application, there is an increase in secure channels to communicate and store passwords. Although, password-based login is more prevalent in today’s time but because of the drastic increase in internet-connected devices and user’s possessing more online accounts than ever before has made password-less authentication a more relevant alternative for secure logging-in to online accounts (Rabkin, A., 2008). It becomes difficult to memorize passwords and that would lead users to keep one password for most of the application causing them prone to hackers. This is the reason that could actively lead to an increase in security breaches and easier for hackers to capture data. This has also fostered the applications that keep a store of all user accounts and passwords associated with respective accounts that user uses locally. At this end, the password management scheme seems to be a promising and reliable factor to store tricky passwords for accessing cross-platform systems with single sign-on. The layman user thinks them as time savvy and less tedious as they keep the bulky password at one place. But the user does not understand how these applications might work behind the walls in the backend to share their sensitive information across the internet. Though, along with acceptance of terms during the installation process or registration process, the user may unknowingly allow the application to share the sensitive information (Luke, Hok-Sum H., Matthew W. T., 2015). This time the trustworthiness of a user can be tested by blindly allowing these kinds of applications to access secure accounts. The password occurrence per user stays common and relative to each other which would also cause hackers to guess passwords by using hit and try the method. This hit-and-trial method causes severe problems like gaining remote access to obtain user information stored either on a client machine or server. After facing and accepting all the challenges we are at the step of no more password breaches with a promise of more secure authentication and no password memorization at all (Chiasson, S., Elizabeth, S., Alain, F., Robert, B., Paul, C. V. O., 2012). Passwordless authentication is a critical investment on security which serves various benefits as under:
- 1.
Enhanced User Experience: New age users need notto remember the use of puzzles and questions like “What is your first pet dog name?”, “Which was your high school?” etc. This not only reduces the signup time but also eliminates users to go through a tedious registration process for new apps. They have much interactive interface and facilities than the password-based authentication.
- 2.
Improved Security: With no use of passwords we have more secure improvised security with zero passwords to remember.