In password-less authentication, the method of authentication varies based on the login method.
For example, using a smartphone as a password-less authenticator is not the same user journey as a hardware security token. However, most modern “true password less” methods approach the problem in similar ways.
Mobile password-less authentication works by combining the authenticators and security features of smart phones with public-key cryptography (PKC).
Biometrics: Biometric authentication uses these unique physical traits to verify if a person is who they say they are, without requesting a password.
Magic Links: Instead of asking a user for a password, this form of passwordless authentication asks a user to enter their email address into the login box. An email is then sent to them, with a link they can click to log in. This procedure is carried out each time the user logs in.
One-time codes/passwords: One-time passwords (OTP) or one-time codes (OTC) are similar to magic links, but instead of simply clicking a link, users must enter a code that you send to them (via email or SMS to their mobile device).
Push Notifications: Users receive a push notification on their mobile devices from a dedicated authenticator app (such as Google Authenticator) and open the app via the push notification to verify their identity.