Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it’s calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction.
Password reuse. When someone tries to access an account covered by the Stytch solution, the password is automatically vetted at HaveIBeenPwnd, a dataset of 12 billion compromised passwords. A password reset is automatically triggered if the password is in the dataset.
Strength assessment. When someone creates a password, its strength is automatically assessed using Dropbox’s zxcvbn password strength estimator and a suggestion made that a stronger password should be chosen.
Account de-duplicating. Users might forget what authentication method they used to access their account. Did they use Facebook or Google? Did they use an email address? Choosing the wrong method can result in creating a duplicate account. Stytch prevents that by permitting an email login that allows an account to be accessed regardless of the original authentication method.
Better reset. Someone wants to access their account, but their password isn’t immediately available. Rather than reset their password to access their account, Stytch offers an email alternative that allows a user to access an account without a password reset.
Enthusiasm, hesitancy for passwordless authentication
Stytch co-founder and CEO Reed McGinley-Stempel explains that his company was started with a negative view of passwords. “We still have a negative view of traditional password systems and a lot of the assumptions baked into them,” he says, “but if you’re a passwordless company that wants to drive passwordless adoption, you can’t ignore password innovation.”