The end of password pain: building frictionless authentication at the Guardian
5 hours ago
- #cybersecurity
- #passwordless-authentication
- #user-experience
- Signing in to The Guardian improves user experience by enabling comments, newsletter subscriptions, and personalized content through My Guardian, while also helping the Guardian generate revenue through usage data.
- The Identity and Trust team modernized the authentication platform, introducing passwordless sign-in via one-time passcodes (OTPs) to reduce friction and improve security, addressing problems such as a 20% drop-off during password creation and failures with emailed verification links.
- Key improvements include replacing verification links with OTPs for account creation, reducing verification failures from 17% to 11%, and implementing OTPs for password reset and sign-in, leading to 82% of readers using passwordless authentication.
- Additional enhancements include auto-submission of passcodes, timers for resend functionality, and unified experiences to prevent account enumeration, with future plans exploring multi-factor authentication and FIDO passkeys.
- The shift to passwordless authentication aligns with industry trends, improving resistance to threats such as credential theft and brute-force attacks, as supported by findings in reports like Verizon's 2024 DBIR.
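The points above (OTP issuance for sign-in, a resend timer, single-use codes and a unified response that does not reveal whether an account exists) can be shown together in a small service. The code below is an added illustration, not the Guardian's own implementation; the code length, ten-minute validity, one-minute resend window and five-attempt limit are assumed policy values, and the account store, clock and mail sender are injected so the flow can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for this example (not the Guardian's settings).
CODE_LENGTH = 6
CODE_TTL_SECONDS = 600        # a code is valid for ten minutes
RESEND_COOLDOWN_SECONDS = 60  # the "resend" timer shown in the UI
MAX_ATTEMPTS = 5              # wrong guesses allowed before the code is discarded

# The same message is returned whether or not the address has an account,
# so the request endpoint cannot be used to enumerate registered readers.
GENERIC_RESPONSE = "If an account exists for that address, a sign-in code has been sent."


@dataclass
class PendingCode:
    code_hash: bytes   # keyed hash of the code; the plaintext is never stored
    issued_at: float
    attempts: int = 0


class OtpService:
    def __init__(self, known_accounts, clock=time.time, send=None):
        self.accounts = {a.strip().lower() for a in known_accounts}
        self.clock = clock
        # send(email, code) would hand the code to the mail system; in
        # production this should be queued asynchronously so response time
        # does not differ between known and unknown addresses.
        self.send = send or (lambda email, code: None)
        self.pending = {}
        self.key = secrets.token_bytes(32)  # HMAC key, so a leaked table can't be brute-forced offline

    def _hash(self, email, code):
        return hmac.new(self.key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def request_code(self, email):
        """Issue a code for a known account; always answer with the generic message."""
        email = email.strip().lower()
        now = self.clock()
        if email in self.accounts:
            existing = self.pending.get(email)
            if existing and now - existing.issued_at < RESEND_COOLDOWN_SECONDS:
                # Inside the resend window: keep the current code, same response.
                return GENERIC_RESPONSE
            code = "".join(secrets.choice("0123456789") for _ in range(CODE_LENGTH))
            self.pending[email] = PendingCode(self._hash(email, code), now)
            self.send(email, code)
        return GENERIC_RESPONSE

    def verify_code(self, email, code):
        """Return True once for the correct, unexpired code; otherwise False."""
        email = email.strip().lower()
        entry = self.pending.get(email)
        if entry is None:
            return False
        if self.clock() - entry.issued_at > CODE_TTL_SECONDS:
            del self.pending[email]          # expired: discard and require a new request
            return False
        entry.attempts += 1
        ok = hmac.compare_digest(entry.code_hash, self._hash(email, code))
        if ok or entry.attempts >= MAX_ATTEMPTS:
            del self.pending[email]          # single use, or guess budget exhausted
        return ok


if __name__ == "__main__":
    # Constructed demo: capture the "sent" code instead of emailing it.
    outbox = {}
    svc = OtpService(["reader@example.com"], send=lambda e, c: outbox.__setitem__(e, c))
    print(svc.request_code("reader@example.com"))
    print(svc.request_code("nobody@example.com"))   # identical message, nothing sent
    print("verified:", svc.verify_code("reader@example.com", outbox["reader@example.com"]))
```

The hashed storage and `hmac.compare_digest` matter less than the attempt limit: a six-digit code has only a million possibilities, so without a guess budget and a short lifetime the OTP is weaker than the password it replaces.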