Opinion, advice, and analysis by the TNW community

Alternates to passwords: 11 ways to safeguard logins to websites or programs

Story by Scott Gerber

Scott Gerber is the founder of Young Entrepreneur Council (YEC), an invite-only organization comprised of the world’s most successful young entrepreneurs. YEC members represent nearly every industry, generate billions of dollars in revenue each year and have created tens of thousands of jobs. Learn more at yec.co.


We all have what feels like a million passwords to remember, and the constantly changing authentication process sometimes makes it difficult to know what your password is for any given site. In addition, many passwords are easily hackable, putting your personal information — or even worse, confidential details your customers entrusted you with — at risk.

However, there are other ways that you can access programs and websites without having to enter a traditional password. To find out what alternatives to passwords companies or developers can use — and how they might work in comparison — I asked a panel of entrepreneurs from YEC the following question:

What is a good alternative to passwords that sites or programs can use? Why would this system work better than what people are currently using?

Their best answers are below:

1. Biometric Authentication

Do you use your finger to log into your smartphone or gain access to certain apps? Then you’re already using biometrics to authenticate your accounts and prove your identity. More businesses should invest in ways to implement biometrics into their security efforts since your DNA is specific only to you and would prove to be a secure method of protection. – Chris Christoff, MonsterInsights

2. Multi-Factor Authentication

Multi-level authentication is much more secure for those enterprises that store a large cache of sensitive data. A good example is token authentication. Verification is based around a certain trusted device. In some cases, a system recognizes a user’s smartphone as a digital certificate. Then, the authentication is validated through the possession of the trusted device. – Blair Thomas, eMerchantBroker

3. Trust Scores

Google announced a couple of years ago that they want to get rid of passwords and replace them with a trust score system. Users would be able to log in with a trust score which is calculated using a number of behavioral factors such as facial recognition, location in relation to known Wi-Fi networks, the way your voice sounds, and even typing patterns. – Stephanie Wells, Formidable Forms

4. Grid Authentication Cards

Many overseas banks issue grid authentication cards for increased security. You have to know your PIN and then be in possession of your card. It’s the old school version of two-factor authentication, except it can’t be accessed by hacking your phone. These cards are a good alternative to passwords and PINs. – Matt Wilson, Under30Experiences

5. Push Notifications

Instead of passwords, you can use push notifications for user authentication. When a user attempts to log in, they’ll get a push notification on their smartphone, in order to ensure the right user is signing in. This eliminates the need to look up one-time passwords, which makes for a better user experience overall. – John Turner, SeedProd LLC

6. A Digital Certificate

With a digital certificate, your identity is verified in more than one way and there’s usually no extra lag time to log in. So there’s typically a higher level of security and no increased wait time for customers. – Andrew Schrage, Money Crashers Personal Finance

7. Incorporate a Phrase

As a method of two or three-factor encryption, I’ve noticed that many blockchain-based apps and sites incorporate a phrase instead of a password. They’ll randomly string together short words like “egg,” “car” and “house” in a particular order, requiring the user to properly arrange them in order to access their account. This allows for a similar level of protection and is easier to remember. – Bryce Welker, Beat The CPA

8. ID Card Authentication

Estonia is one of the most technologically advanced countries and almost every serious website uses the national ID card along with PIN codes and a chip reader instead of a password. This ranges from websites to file your taxes, to privately owned banks, and even online forums. Other websites also let you sign in by signing into your online bank, for example. It’s the best way to confirm identity. – Karl Kangur, MRR Media

9. Federated Authentication and Links

Using a federated authentication (log in with Google/Facebook/Twitter) really is the best approach for most sites and apps. It removes the burden of correctly storing passwords and hopefully reduces friction during the sign-up process. Providing “magic links” like Slack to sign users in on new devices is also a great user experience. – Ashish Datta, Setfive Consulting

10. Login URLs

If you’re like most people who use varying passwords to stay safe online, you frequently find yourself dancing with the forgotten password process. Eliminating passwords by providing a 10-minute active login URL to the registered email or SMS is a great way to eliminate the need for passwords and doesn’t require custom apps for access to push notifications. – Punit Shah, My Trio Rings
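The short-lived login link from items 9 and 10, as an added example (not code from the article or from any contributor's product): it issues a random single-use token, stores only its hash, and rejects the link after the 10-minute window. The class name, base URL and in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

LINK_TTL_SECONDS = 10 * 60                      # the 10-minute window from the text
BASE_URL = "https://app.example.test/login"     # assumed placeholder host


class LoginLinkStore:
    """Hypothetical in-memory store; a real service would keep the same
    fields (token hash, account, expiry) in its database."""

    def __init__(self, now=time.time):
        self._now = now                          # injectable clock for testing
        self._pending = {}                       # sha256(token) -> (account, expires_at)

    def issue(self, account):
        """Create a login URL to send to the account's registered email or phone."""
        token = secrets.token_urlsafe(32)        # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only the hash is stored, so a leaked table does not yield usable links.
        self._pending[digest] = (account, self._now() + LINK_TTL_SECONDS)
        return f"{BASE_URL}?{urlencode({'token': token})}"

    def redeem(self, url):
        """Return the account for a valid link, or None. Each link works once."""
        values = parse_qs(urlparse(url).query).get("token", [])
        if len(values) != 1:                     # missing or duplicated parameter
            return None
        digest = hashlib.sha256(values[0].encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes the link single-use
        if entry is None:                        # unknown, forged or already used
            return None
        account, expires_at = entry
        if self._now() > expires_at:             # past the 10-minute window
            return None
        return account
```

Anyone who can read the mailbox or SMS inbox can use the link, so the account is only as well protected as that channel.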

11. Web Authentication API

The Web Authentication API, also known as WebAuthn, is a passwordless authentication system from the FIDO Alliance, which includes Google, Amazon, and hundreds of other corporations. Supported in newer versions of all major browsers, WebAuthn uses public-key cryptography and on-device authentication such as biometric sensors to allow users to register and sign in securely without passwords. – Justin Blanchard, ServerMania Inc.

Published June 21, 2019 — 09:00 UTC