In an attempt to meet companies where they are in their transition to passwordless, Stytch introduced a new password-based authentication solution “rebooted for the modern era.”
The solution is meant to let companies ease into passwordless rather than quit passwords cold turkey; according to the company, a full 85% of IT and security professionals don’t think passwords are going away completely yet.
“The design of password authentication really hasn’t changed much over the past few decades. We knew that if Stytch was going to take the plunge into passwords, we’d need to design a fresh and modern solution to elevate both security and user experience,” the Stytch team wrote in a blog post. “To support our customers and ensure users are given a low-friction yet secure experience, we’ve completely reimagined password-based authentication from the ground up.”
Stytch built four innovations into the Passwords solution:
- Breach detection: Stytch now integrates with HaveIBeenPwned, a website that allows Internet users to check whether their personal data has been compromised by data breaches. Every time someone logs in with a password, Stytch checks HaveIBeenPwned and triggers a password reset if a breach is detected.
- Strength assessment: Stytch uses Dropbox’s zxcvbn password strength estimator, which provides a flexible strength assessment based on how resistant a password is to modern password guessing techniques.
- Safe account de-duplication: Stytch de-duplicates accounts by email regardless of the authentication method, which lets users change the authentication option they use to log into an app without accidentally creating a new account.
- More human-centric password reset: With Stytch, customers can integrate a traditional password-reset email or a password reset via Email Magic Link, a more seamless experience for people who trigger a password reset just to access their account rather than to change their password.
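The login-time breach check from the first bullet, sketched as an added example (not Stytch's code). It assumes the lookup uses the Pwned Passwords range endpoint, where only the first five hex characters of the password's SHA-1 leave the server; the `fetch_range` callback, the decision labels and the sample response are constructed for illustration.

```python
import hashlib

def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines from a range response, skipping malformed lines."""
    counts = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def breach_count(password, fetch_range):
    """Times the password appears in the breach corpus; 0 if unlisted."""
    prefix, suffix = sha1_split(password)
    # Only the prefix is sent; the suffix comparison happens locally.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def login_decision(password_ok, password, fetch_range):
    """Hypothetical policy: deny bad credentials, force a reset on a breach hit."""
    if not password_ok:
        return "deny"  # never run the lookup for failed logins
    try:
        hits = breach_count(password, fetch_range)
    except OSError:
        # Assumption: fail open when the lookup is unreachable, but flag it
        # so the caller can log the miss and re-check on the next login.
        return "allow_unchecked"
    # Padded responses include entries with count 0; those are not hits.
    return "force_reset" if hits > 0 else "allow"

def constructed_fetch(prefix):
    """Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    known_prefix, known_suffix = sha1_split("password")
    lines = ["0" * 35 + ":0"]  # padding-style entry, constructed
    if prefix == known_prefix:
        lines.append(known_suffix + ":12345")  # constructed count
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "constructed-unlisted-Xq7!"):
        print(pw, "->", login_decision(True, pw, constructed_fetch))
```

In production `fetch_range` would be an HTTPS client call with a short timeout, and the result feeds the password-reset flow rather than a log line that contains the password or its full hash.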
“One of the things that’s changed over the last, you know, six to nine months is we get far more requests from enterprises that already have baked authentication systems that are thinking about going passwordless. And one of the really common questions that comes up there is, as you get into these like enterprises, you start seeing a much wider array of user demographics, and they have credible concerns about whether every user will be able to understand what this new technology is, and whether it’ll be comprehensible,” Reed McGinley-Stempel told SD Times. “We’re coming out with the ability to support both passwordless and passwords so that we can meet both companies where they are and then end users where they are in terms of their preference.”