Why You Shouldn’t Use Passwords for
Your App/Website Login
By: Mohammad Halim
November 23, 2022
Since the creation of passwords in 1961, users have relied heavily on the trust of their login information, as “51% of people use the same password for work and personal accounts”. However, as more social media platforms and more websites started to arise with password login methods, so have new cases of identity theft. Hackers have found new methods to target your users’ security, and they have adapted to technology’s advanced security systems. Approximately 18% of all accounts get accessed within one hour. Below are several reasons why passwords for your platform can be risky for your users.
Password Managers Means Easier Access for Hackers
With platforms keeping password logins, CEOs have found new ways of helping their users access their profiles easier. One of these methods is to save passwords onto your device by using a password manager. Once a user creates a new password and logs into their new account, websites often feature a “save username and password” button. Or Google will often recommend saving your login information. Although this is convenient for users, it results in an underlying problem. If your mobile device or laptop is stolen, your social media accounts and website profiles can easily be accessed. Banking corporations such as Wells Fargo, Bank of America, and Chase where you can access routing account numbers and transfer money using Zelle, have implemented saved passwords.
During 2020, platforms and websites were adjusting to a new online world as the COVID pandemic spread viciously. As more people stayed indoors, more users started creating new accounts for servers such as Zoom. TikTok, a social media platform, started to arise in user numbers during the 2019 pandemic. However, despite the growing population quarantining, users were still getting their privacy stolen. In 2020 alone, 174.4 million people had their information breached. Even without saved passwords, hackers have found ways to breach users’ devices and display all their personal information, including their passwords.
Single Sign-on vs. Passwords
A single sign-on is a login method for users to verify their identity that only requires one set of login credentials. Instead of passwords, single sign-ons, or SSOs, use alternative methods, such as inputting a code sent to the user’s device. With SSOs, users no longer have to remember their various and copious amounts of passwords. This reduces the number of passwords a user has. Thus, it decreases the chances of someone hacking into your account, which increases the user’s safety.
Like password managers, single sign-ons account for the users time and accessibility onto platforms. SSOs are a fast and easy login method for the user’s convenience. Password managers, on the other hand, require a password login; making it challenging for users to remember if they create an account on a new platform. SSOs eliminate the need for passwords entirely, which saves the user time trying to create a new password if they forgot their previous one. This also creates more productivity, as companies regularly have to reset their entire login methods in order to ensure security.
Many corporations are already adopting the single sign-on method. Google, for example, adopted SSOs to sign onto their servers; products such as YouTube and Google Drive let users sign in with single sign-on. Users can also use Google to sign on for third party websites. Social media platforms that now use Single Sign On include LinkedIn, Twitter, and Facebook.
Companies who adopted Single Sign On also increased revenue and saved money. A study in 2019 found that 57% of employers had to reset at least one password for their work and business account. This causes delays for workers such as IT’s to help out guests in need, which costs time and money.
human ID’s Single Sign–on
At human ID, we prioritize safety, security, and efficiency for our users. human ID is a single sign-on service that requires the users to input their phone number, then is sent an automatically generated passcode that the user then inputs onto whichever device they are using. Your users can login with human ID with website browsers or apps. After the user has successfully logged into their account, the phone number is then erased from the system’s memory, making all private data from the user untrackable for hackers. Each account and identity cannot be traced back, which strengthens your website’s security.
human ID takes into account many different situations your users can be in. It is not uncommon for people to change their phone numbers, especially regarding suspicious or scam calls targeting a specific phone number. If your users do change their phone number, human ID has an alternative way of logging in by using our human ID account recovery option. With our recovery option, users input their new phone number into their accounts that was linked with their old phone number.