Stytch's business is getting rid of passwords so why is it trying to "modernize" their use? Credit: Matejmo / Getty Images Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it’s calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction.Password reuse. When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwnd, a dataset of 12 billion compromised passwords. A password reset is automatically triggered if the password is in the dataset.Strength assessment. When someone creates a password, its strength is automatically assessed using Dropbox’s zxcvbn password strength estimator and a suggestion made that a stronger password should be chosen.Account de-duplicating. Users might forget what authentication method they used to access their account. Did they use Facebook or Google? Did they use an email address? Choosing the wrong method can result in creating a duplicate account. Stytch prevents that by permitting an email login that allows an account to be accessed regardless of the original authentication method.Better reset. Someone wants to access their account, but their password isn’t immediately available. Rather than reset their password to access their account, Stytch offers an email alternative that allows a user to access an account without a password reset.Enthusiasm, hesitancy for passwordless authenticationStytch co-founder and CEO Reed McGinley-Stempel explains that his company was started with a negative view of passwords. “We still have a negative view of traditional password systems and a lot of the assumptions baked into them,” he says, “but if you’re a passwordless company that wants to drive passwordless adoption, you can’t ignore password innovation.”“There’s a lot of enthusiasm for passwordless, but there’s also a lot of hesitancy by organizations to take all their users passwordless,” McGinley-Stempel continues. “They don’t know if all their user demographics will enjoy passwordless or will they end up with customer experience and support issues. Because passwords and passwordless are going to live alongside each other for the next few years, we want to modernize the password so the greatest security concerns about it are addressed.” Passwords are inconvenientAlthough the Stytch solution addresses the problems of weak and compromised passwords with well-established tools, it doesn’t entirely address the password reuse issue, because it doesn’t detect passwords used multiple times but aren’t compromised. “Only the end user knows what passwords they have used for all their services,” says Simon Davis, vice president of marketing for RoboForm, a maker of password management software. While the elimination of passwords has been predicted for many years, the curtain may finally be coming down on the practice. “We’re seeing more and more solutions—especially on the biometric side—being promoted by the major players—Microsoft, Google, Apple. That, and a combination of factors, can eliminate passwords,” says Avi Turgeman, CEO and co-founder of IronVest,an account and identity security company. I think we should get rid of passwords for security reasons, but the reason they will be eliminated is because they’ve become inconvenient. The convenience of biometrics on phones will spread to the desktop and then we’ll be in a position to eliminate passwords.” Related content news Bug in EmbedAI can allow poisoned data to sneak into your LLMs The vulnerability can be used to deceive a user into inadvertently uploading and integrating incorrect data into the application’s language model. By Shweta Sharma May 31, 2024 3 mins Generative AI Vulnerabilities news OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops OpenAI’s generative AI tools were used to create and post propaganda content on various geo-political and socio-economic issues across social media platforms, the company said. By Gyana Swain May 31, 2024 4 mins Generative AI news Okta alerts customers against new credential-stuffing attacks Hackers are using credential-stuffing to attack endpoints that are used to support the cross-origin authentication feature. By Shweta Sharma May 31, 2024 4 mins Identity and Access Management Vulnerabilities feature 3 reasons users can’t stop making security mistakes — unless you address them Understanding what’s behind employee security mistakes can help CISOs make meaningful adjustments to their security awareness training strategies. By Ariella Brown May 31, 2024 5 mins Data Breach Risk Management PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe