Why are many phone apps going 'passwordless'?

Passwordless logins are no longer an experimental trend, but have become mainstream in the tech industry. Mobile applications are entering a phase where users are identified and protected in a completely different way.

Why are apps going passwordless?

For years, passwords have been the most basic shield of digital security. But as users have more and more accounts, that shield has become problematic. The need to remember multiple strings of characters has led to the widespread practice of weak passwords, creating countless holes for attackers.

According to Tuoi Tre Online 's research, a password reused on many services can become the key that opens up a whole store of personal data. when only one platform is compromised.

On mobile, the inconvenience of passwords is even more apparent. Typing long characters on a small keyboard, changing passwords periodically, two-factor authentication when logging in from a new device… all add up to a cumbersome user experience.

As the barrier gets higher, users tend to opt for easy solutions like remembering passwords in notes, using simple strings or ignoring security warnings. As a result, scanning attacks, stealing login data or login fraud are on the rise, especially on banking, e-wallet and social media applications.

The problem with the password model is that it requires humans to do something they are not naturally good at: remembering things that are not natural. Technology is therefore forced to find a way to authenticate without relying on memory , reducing the burden on users while still increasing the security of the system.

Alternative method for password-free login

The advent of the access key, more commonly known as the passkey, opened up a new approach.

This is a pair of keys, one stored on the device and one stored on the service. When a user logs in, the device authenticates their identity using its own key, combined with biometrics such as fingerprints or facial recognition.

The whole process is automatic, no passwords are transmitted, and nothing is created that can be stolen or reused on another service.

The difference is that the access key is tied to the device and the user's biometric identity. If someone gets your phone and can't unlock it, they can't use the access key. If a cybercriminal gets data from a service, the access key is useless to them because each key pair only works with one app.

The “non-reusable” and “unguessable” properties make the access key nearly immune to common attack techniques such as login phishing or password scraping.

Convenience is also a reason why apps boost conversion. Users no longer have to type anything, but just tap the fingerprint sensor or hold the phone up to their face. On most operating systems today, access keys can automatically sync between devices under the same account, allowing users to switch devices without worrying about interruption. For mobile services, where speed and seamlessness are top priorities, this is a step forward that fits the actual needs.

The combination of high security, fast experience and high level of automation makes access keys a more reliable choice than any previous form of password. The massive support of this platform from major technology companies has also strongly accelerated the transition across all types of applications from e-commerce, finance, health to social networks.