How to switch to passwordless authentication in 3 lines of code

In the digital world, it is a given that enhancing the security of a system inevitably involves a degradation of the user experience.

Our daily experience proves it every time we log in with the famous password: every year we have to increase the length of our passwords, add exotic characters, lower case, upper case etc...., in short, increase the complexity to strengthen the security of our accesses.

We have no choice: in this connected world, cyber attacks are multiplying and making the headlines every week - social engineering, password leakage, phishing, malware, ransomware etc. Drastic measures must be put in place within companies to combat these new threats. IT security has become indispensable.

So when the CISO announces that he is going to increase security, users get scared, they shake: what are we going to have to do tomorrow to access our e-mails :

• Type a 20 character password? Somebody PLEASE help!
• Use an extra physical key? I already have enough keys!
• ZeroTrust security? I won't have access to anything?
• A passwordless policy? But where's the security?
• Or add multi factor authentication on all accesses? What is this barbaric name, will it be worse than the password? ... Nooo!

In this article, we will explain that these fears are not inevitable and we will show you, with a technical demonstration, how inWebo MFA can actually improve the user experience while increasing security!

No more passwords. Long live the Passwordless!

Everyone uses a password; over the years we have learned to log in with the login/password combination.

However, with the development of computer computing power and the networking of all applications, the security level is getting lower by the day: protecting bank and client accounts with a simple password is careless.

Of course, we can always choose a longer and/or more complex password to enhance security but the negative impact is immediate on the user experience.

This method is not viable over time and is already showing its limits today both humanly and technically.

Does multi factor authentication (MFA), an essential protection, make the customer experience more complex?

In the face of new threats, regulations are tightening to protect access more effectively. In response, technologies are emerging to replace the password, such as strong authentication.
Strong authentication involves combining different factors to confirm a user's identity by generating a one-time password (OTP or One Time Password) for each connection:

For instance, the European PSD2 regulation requires banks and online retailers to secure access with strong customer authentication as soon as possible (the deadline is regularly pushed back because the players are not yet ready). Banks have reinforced security so far by sending a one-time password by SMS but even this technique shows its limits in terms of security and ease of use.

Numerous articles are flourishing on the Internet to point out the complexity of MFA (multi factor authentication), which risks pushing users to give up online shopping, hurting online retailers' bottom line.

This fear is unfounded; inWebo has developed the right answer: passwordless multi factor authentication, with a very high security level and providing an even simpler user experience than the login/password combination.

How inWebo's passwordless MFA solution streamlines the user experience

Passwordless: What if you could swap your password for a simple PIN code and reach a higher security level?

Today, on a daily basis, your user types a 10 character password like "Im_FrgttngMyPwd? "This is not very practical.

Tomorrow, with inWebo, switch to passwordless and allow your user to log in simply by typing an easy to remember PIN code (a 4 or 6 digit knowledge factor) within their possession factor such as our browser token which will be your user's default browser.

In short, passwordless multi factor authentication by inWebo MFA

How is that possible? How can you ensure access security with only a 4 digit PIN code?

It is important to understand that the 4 digits are only one of the factors needed to authenticate. These 4 numbers alone are of no use. They can only be used on the possession factor created by the user: in the example above a browser token chosen and created during the enrollment phase*.

Entering its knowledge factor is only possible on a browser that has been transformed into a possession factor, in other words a trusted browser.

On the other hand, we are talking about a knowledge factor and not a classic password: the knowledge factor is not transmitted via the network at each authentication and is not stored in a classic database. As a result, it cannot be attacked like a regular password.

How will a user create his possession factor, his token?

To be able to authenticate, the user will have to take an extra step to create his possession factor. This step only needs to be done the first time: in everyday life, he will only have to enter his PIN code.

This procedure, called enrollment, takes about 1 minute: the user will, for example, receive an e-mail with a link, he will have to click on this link. A new page will then open on his default browser to ask him to set his knowledge factor.

That's it. It's over. The user has just defined his two factors: by creating both a browser token (his default browser) and his knowledge factor. Fast and efficient.

He can now authenticate himself only through the specific browser that has become his possession factor by typing his knowledge factor.

Before / After inWebo's passwordless MFA

Simplify the login experience

As an additional benefit, we also found that support teams were less solicited by requests to reset forgotten or blocked passwords. User will inevitably make fewer mistakes with a simple knowledge factor in the form of a PIN code to remember.

Everybody wins: users and IT support teams.

How to migrate to passwordless multi factor authentication in the blink of an eye

• add 3 lines of code,
• add a javascript function,
• to hide the original form
  then make an API call to our platform.

One line to initialize the inWebo library:

In short, the following process will have been put in place:

You can of course go further and customize the solution in a significant way.
To this end you can find our online documentation with code examples to get you started faster.

From experience, a single developer can implement our solution in less than an hour with our standard design and in 2 days for a more advanced integration with your own design!

Enhance the login experience and effortlessly switch to passswordless

The 2 messages to remember are: