Stytch's business is getting rid of passwords, so why is it trying to "modernize" their use?

Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it’s calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction.

Password reuse. When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwned, a dataset of 12 billion compromised passwords. A password reset is automatically triggered if the password is in the dataset.

Strength assessment. When someone creates a password, its strength is automatically assessed using Dropbox’s zxcvbn password strength estimator, and a suggestion is made that a stronger password should be chosen.

Account de-duplicating. Users might forget what authentication method they used to access their account. Did they use Facebook or Google? Did they use an email address? Choosing the wrong method can result in creating a duplicate account. Stytch prevents that by permitting an email login that allows an account to be accessed regardless of the original authentication method.

Better reset. Someone wants to access their account, but their password isn’t immediately available. Rather than requiring a password reset, Stytch offers an email alternative that allows a user to access the account without one.

Enthusiasm, hesitancy for passwordless authentication

Stytch co-founder and CEO Reed McGinley-Stempel explains that his company was started with a negative view of passwords.
“We still have a negative view of traditional password systems and a lot of the assumptions baked into them,” he says, “but if you’re a passwordless company that wants to drive passwordless adoption, you can’t ignore password innovation.”

“There’s a lot of enthusiasm for passwordless, but there’s also a lot of hesitancy by organizations to take all their users passwordless,” McGinley-Stempel continues. “They don’t know if all their user demographics will enjoy passwordless or will they end up with customer experience and support issues. Because passwords and passwordless are going to live alongside each other for the next few years, we want to modernize the password so the greatest security concerns about it are addressed.”

Passwords are inconvenient

Although the Stytch solution addresses the problems of weak and compromised passwords with well-established tools, it doesn’t entirely address the password reuse issue, because it doesn’t detect passwords that are used multiple times but aren’t compromised. “Only the end user knows what passwords they have used for all their services,” says Simon Davis, vice president of marketing for RoboForm, a maker of password management software.

While the elimination of passwords has been predicted for many years, the curtain may finally be coming down on the practice. “We’re seeing more and more solutions—especially on the biometric side—being promoted by the major players—Microsoft, Google, Apple. That, and a combination of factors, can eliminate passwords,” says Avi Turgeman, CEO and co-founder of IronVest, an account and identity security company. “I think we should get rid of passwords for security reasons, but the reason they will be eliminated is because they’ve become inconvenient. The convenience of biometrics on phones will spread to the desktop and then we’ll be in a position to eliminate passwords.”
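The login-time breach check described under "Password reuse" above, as an added example that is not Stytch's code. The article does not say how Stytch queries the dataset; this sketch assumes the public Pwned Passwords range-query format (the first five hex characters of the SHA-1 are sent, `SUFFIX:COUNT` lines come back), and the corpus, counts and `login_decision` policy names are constructed for illustration.

```python
import hashlib

def _sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_constructed_corpus(passwords_with_counts):
    """Index a constructed breach list by 5-character SHA-1 prefix."""
    corpus = {}
    for pw, count in passwords_with_counts.items():
        digest = _sha1_hex(pw)
        corpus.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return corpus

# Constructed sample data so the example runs offline; counts are made up.
CONSTRUCTED = build_constructed_corpus({"password": 1000, "qwerty123": 42})

def offline_range_lookup(prefix: str) -> str:
    """Stand-in for the HTTP range query: only the prefix leaves the caller."""
    return "\r\n".join(CONSTRUCTED.get(prefix, []))

def breach_count(password: str, range_lookup=offline_range_lookup) -> int:
    """Return how often the password appears in the corpus (0 if absent)."""
    digest = _sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        # The suffix comparison happens locally; a count of 0 (as used for
        # padding entries) is treated as "not breached".
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def login_decision(password_ok: bool, password: str) -> str:
    """Hypothetical policy mirroring the article: a breached password forces a reset.

    The breach check runs only after the credential has verified, so a failed
    login never reveals whether the guessed password is in the dataset.
    """
    if not password_ok:
        return "deny"
    if breach_count(password) > 0:
        return "force_reset"
    return "allow"
```

As the article notes, a check like this only catches passwords that appear in the breach dataset; a password reused across services but never leaked returns 0.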