How to switch to passwordless authentication in 3 lines of code
Author: Romain Breysse, Cybersecurity Engineer
After working for 10 years in the telecom industry on numerous products in various positions (IT, marketing, pre-sales) in France and abroad, Romain joined inWebo to learn more about the dynamic cyber industry.
As a pre-sales engineer at inWebo, Romain helps our prospects and customers implement our strong authentication solution and apply best practices in terms of cyber defense.
In the digital world, it is a given that enhancing the security of a system inevitably involves a degradation of the user experience.
Our daily experience proves it every time we log in with the famous password: every year we have to increase the length of our passwords, add exotic characters, lower case, upper case, etc. In short, we increase the complexity to strengthen the security of our accesses.
We have no choice: in this connected world, cyber attacks are multiplying and making the headlines every week - social engineering, password leakage, phishing, malware, ransomware etc. Drastic measures must be put in place within companies to combat these new threats. IT security has become indispensable.
So when the CISO announces that he is going to increase security, users get scared, they shake: what are we going to have to do tomorrow to access our e-mails?
- Type a 20 character password? Somebody PLEASE help!
- Use an extra physical key? I already have enough keys!
- ZeroTrust security? I won't have access to anything?
- A passwordless policy? But where's the security?
- Or add multi factor authentication on all accesses? What is this barbaric name, will it be worse than the password? ... Nooo!
In this article, we will explain that these fears are not inevitable and we will show you, with a technical demonstration, how inWebo MFA can actually improve the user experience while increasing security!
No more passwords. Long live the Passwordless!
Everyone uses a password; over the years we have learned to log in with the login/password combination.
However, with the growth of computing power and the networking of all applications, the security level is getting lower by the day: protecting bank and client accounts with a simple password is careless.
Of course, we can always choose a longer and/or more complex password to enhance security but the negative impact is immediate on the user experience.
This method is not viable over time and is already showing its limits today both humanly and technically.
Does multi factor authentication (MFA), an essential protection, make the customer experience more complex?
In the face of new threats, regulations are tightening to protect access more effectively. In response, technologies are emerging to replace the password, such as strong authentication.
Strong authentication involves combining different factors to confirm a user's identity by generating a one-time password (OTP or One Time Password) for each connection:
- What I own
- What I know
- What I am
For instance, the European PSD2 regulation requires banks and online retailers to secure access with strong customer authentication as soon as possible (the deadline is regularly pushed back because the players are not yet ready). Banks have reinforced security so far by sending a one-time password by SMS but even this technique shows its limits in terms of security and ease of use.
Numerous articles are flourishing on the Internet to point out the complexity of MFA (multi factor authentication), which risks pushing users to give up online shopping, hurting online retailers' bottom line.
This fear is unfounded; inWebo has developed the right answer: passwordless multi factor authentication, with a very high security level and providing an even simpler user experience than the login/password combination.
How inWebo's passwordless MFA solution streamlines the user experience
Passwordless: What if you could swap your password for a simple PIN code and reach a higher security level?
Today, on a daily basis, your user types a 10 character password like "Im_FrgttngMyPwd?". This is not very practical.
Tomorrow, with inWebo, switch to passwordless and allow your user to log in simply by typing an easy to remember PIN code (a 4 or 6 digit knowledge factor) on their possession factor, such as our browser token, which will be your user's default browser.
In short, passwordless multi factor authentication by inWebo MFA
Without multi factor authentication
With inWebo MFA SaaS Multifactor Authentication
How is that possible? How can you ensure access security with only a 4 digit PIN code?
It is important to understand that the 4 digits are only one of the factors needed to authenticate. These 4 numbers alone are of no use. They can only be used on the possession factor created by the user: in the example above a browser token chosen and created during the enrollment phase*.
Entering the knowledge factor is only possible on a browser that has been transformed into a possession factor, in other words a trusted browser.
On the other hand, we are talking about a knowledge factor and not a classic password: the knowledge factor is not transmitted via the network at each authentication and is not stored in a classic database. As a result, it cannot be attacked like a regular password.
How will a user create his possession factor, his token?
To be able to authenticate, the user will have to take an extra step to create his possession factor. This step only needs to be done the first time: in everyday life, he will only have to enter his PIN code.
This procedure, called enrollment, takes about 1 minute: the user will, for example, receive an e-mail with a link and will have to click on it. A new page will then open in his default browser to ask him to set his knowledge factor.
That's it. It's over. The user has just defined his two factors: by creating both a browser token (his default browser) and his knowledge factor. Fast and efficient.
He can now authenticate himself only through the specific browser that has become his possession factor by typing his knowledge factor.
Before / After inWebo's passwordless MFA
Forget the password headache
Simplify the login experience
As an additional benefit, we also found that support teams received fewer requests to reset forgotten or blocked passwords. Users will inevitably make fewer mistakes with a simple knowledge factor in the form of a PIN code to remember.
Everybody wins: users and IT support teams.
How to migrate to passwordless multi factor authentication in the blink of an eye
- add 3 lines of code,
- add a JavaScript function,
- to hide the original form
then make an API call to our platform.
One line to initialize the inWebo library:
In short, the following process will have been put in place:
- inWebo browser token (Deviceless MFA) generates an OTP
- Your form receives the OTP
- inWebo confirms the OTP
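The flow above (the token generates an OTP, the form receives it, the server confirms it) and the earlier point that the PIN is of no use away from the enrolled browser can be modelled in a few lines. This is an added example, not inWebo's code or algorithm: deriveKey, otpFromKey, Verifier, the HOTP-style construction, the failure limit and the sample secrets and PIN are all assumptions chosen for illustration.

```javascript
const nodeCrypto = require('crypto');
// Knowledge + possession combined: the key only exists when the PIN is typed
// on the browser holding deviceSecret. The PIN itself is never sent or stored.
function deriveKey(deviceSecret, pin) {
  return nodeCrypto.scryptSync(pin, deviceSecret, 32);
}

// HOTP-style one-time code (RFC 4226 dynamic truncation) over a counter.
function otpFromKey(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha256', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1000000;
  return String(code).padStart(6, '0');
}

// Verifier: keeps the derived key, a counter (each OTP is single-use) and a
// failure count (a 4-digit PIN is only safe if guesses are throttled).
class Verifier {
  constructor(maxFailures = 3) { this.accounts = new Map(); this.maxFailures = maxFailures; }
  enroll(user, key) { this.accounts.set(user, { key, counter: 0, failures: 0 }); }
  confirm(user, otp) {
    const acct = this.accounts.get(user);
    if (!acct) return 'rejected';
    if (acct.failures >= this.maxFailures) return 'locked';
    const expected = Buffer.from(otpFromKey(acct.key, acct.counter));
    const given = Buffer.from(String(otp));
    const ok = given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
    if (!ok) { acct.failures += 1; return 'rejected'; }
    acct.counter += 1; acct.failures = 0; // a replayed OTP no longer matches
    return 'ok';
  }
}

// Constructed sample values: two "browsers" and the PIN 4821.
function demo() {
  const enrolled = Buffer.alloc(32, 7), other = Buffer.alloc(32, 9);
  const v = new Verifier();
  v.enroll('alice', deriveKey(enrolled, '4821'));
  const good = otpFromKey(deriveKey(enrolled, '4821'), 0);
  return [
    v.confirm('alice', good),                                       // enrolled browser, right PIN
    v.confirm('alice', good),                                       // replay of the same OTP
    v.confirm('alice', otpFromKey(deriveKey(other, '4821'), 1)),    // right PIN, other browser
    v.confirm('alice', otpFromKey(deriveKey(enrolled, '0000'), 1)), // wrong PIN
    v.confirm('alice', otpFromKey(deriveKey(enrolled, '4821'), 1)), // locked after 3 failures
  ];
}
```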
You can of course go further and customize the solution in a significant way.
To this end you can find our online documentation with code examples to get you started faster.
From experience, a single developer can implement our solution in less than an hour with our standard design and in 2 days for a more advanced integration with your own design!
Enhance the login experience and effortlessly switch to passwordless
The 2 messages to remember are:
- Simplifies the user experience
- Quick and easy to implement