"The password needs to be at least 8 characters long, with upper case and lower case alphabets, numbers, and special symbols."
How many times have you read this message and tried to come up with a strong password, only to forget it a week later? Granted, some of you may have saved it somewhere or may be using a password manager like Zoho Vault. However, for the vast majority of us, passwords are difficult to keep track of, especially if you use multiple accounts for various websites. However, with the ever-growing advances in technology, there is a way for you to sign in to your account without a password.
Introducing passwordless authentication
Passwordless sign-in is a secure way to access your account, without the hassle of trying to remember your password. At Zoho, we pride ourselves on providing our users freedom from passwords, without compromising on security.
How, you ask? Well, let's talk about OneAuth, the only tool you need for all things authentication. We launched OneAuth in 2018 and since then, we've added some new and exciting features, including passwordless sign-in.
What does "going passwordless" mean?
Simply put, "going passwordless" means signing in to your account without typing in a password.
Passwordless authentication refers to methods of verifying a user's identity without the traditional use of passwords. The identity of the user can be confirmed with a push notification sent to their mobile device, a hardware token they possess, or their biometric signature like face recognition or fingerprint ID.
Why go passwordless?
Recently, Stefan Thomas, a German programmer based in San Francisco, became famous when news broke out that he forgot the password to unlock his bitcoin fortune, which is valued at approximately 220 million USD. He allegedly wrote down his password on a piece of paper (a very insecure method, by the way) which he no longer has in his possession, and he has two attempts left to get his password right before losing his fortune forever.
Predicaments like this offer an explanation as to why organizations and individuals around the world are making the move towards passwordless authentication.
According to a recent report by research firm VansonBourne, 92% of IT professionals believe that going passwordless is the future for any organization. On the contrary, 85% believe that passwords aren't going to disappear entirely either. Instead, there needs to be a healthy balance between the two. Passwords and passwordless sign-in work better when they go hand-in-hand.
Indeed, organizations are looking at a future where their IT departments prefer passwordless authentication for all employees. It is user-friendly and easy to enable, especially with the advent of biometric technology and authentication keys like YubiKey.
Moreover, let's not forget that password breaches make companies vulnerable to data loss. With every new phishing attack an employee falls for, the organization's credibility sinks and customers begin to lose trust.
The benefits of going passwordless
Better user experience
The need to remember complex passwords no longer exists when you can simply receive a push notification on your device or scan a QR code to access your account.
Coupled with biometric authentication, your account is protected with greater security.
Organizations that encourage passwordless sign-ins are no longer burdened with the task of updating password policies, initiating password changes every month, and facilitating password reset processes. In fact, when Microsoft rolled out passwordless authentication for their employees, their overall hard and soft costs reduced by 87%.
Go passwordless with us
We at Zoho strive to provide our users with the best, and we are constantly on the lookout for innovative ways to make our products truly one-of-a-kind. In keeping with our innovative nature, we've launched a new version of OneAuth, an authentication app for Android and iOS, coming soon for Windows as well.
Check out our help guide to know more about the features of passwordless authentication with OneAuth.
Passwordless authentication is the future, and OneAuth is a step towards that.
On this year's World Password Day, celebrate your account security with Zoho's OneAuth, and comment below your thoughts on passwordless authentication.
9 Replies to OneAuth Reborn: Say Hello To Passwordless Sign-in
Hi Shreya, Recently when I tried to access my Zoho account I found out that I need to go through the verification step via OneAuth. So I have installed OneAuth on my phone and then tried to setup my Zoho account in OneAuth but I am unable to set it up as the moment I provide my account name and password, OneAuth is asking/trying to verify my account using OneAuth. Seems to be a conundrum! how do I sort this out? Thanks.
Buena Tarde, cambie de celular y no puedo autenticar el ingreso a mi correo corporativo, por favor me orientan que puedo hacer. Gracias
Hi, Mercedes! It seems that you've changed your mobile device and can't authenticate yourself to sign in. Check out https://help.zoho.com/portal/en/kb/accounts/faqs-troubleshooting/faqs/multi-factor-authentication/articles/i-m-facing-issues-with-my-multi-factor-authentication-how-do-i-get-back-into-my-account#Other_Issues for clarification.
What happens if one travels abroad and for whatever reason their mobile phone isn't working? This is the position I find myself in right now. I can't access my Zoho account because the requested verification code sent through to my phone to authenticate the user I'm not actually receiving. So even if one uses a hardware token, doesn't that same problem present if ones mobile phone isn't receiving messages. Zoho to my knowledge doesn't give the option of using a backup email address.
Hi, John! Check out https://help.zoho.com/portal/en/kb/accounts/faqs-troubleshooting/faqs/multi-factor-authentication/articles/i-m-facing-issues-with-my-multi-factor-authentication-how-do-i-get-back-into-my-account#Other_Issues for clarification. Regarding email addresses, we do have the option of account recovery through backup email address and/or backup mobile number. Please go through https://help.zoho.com/portal/en/kb/accounts/faqs-troubleshooting/faqs/email-address/articles/how-do-i-add-an-email-address-to-my-zoho-account to add an email address to your account and then read https://help.zoho.com/portal/en/kb/accounts/faqs-troubleshooting/faqs/password-recovery to understand our account recovery options. Cheers.
Loving the Passwordless authentication. Quick question though, if I turn on passwordless authentication does it automatically prevent any new password policy or do I have to change those settings on the account?
Hi, Hank! The password policy will be applied/updated automatically. You don't need to do anything manually.