INDIA'S LARGEST RETAILER NETWORK, BEST FINTECH SERVICE PROVIDER

We offer Money Transfer, Bill Payment, Bus/Flight/Train Ticket Booking, Hotel Booking, Travel Package, Recharge, Fast tag, AEPS, Cash Withdrawal, Cash Deposit, Micro ATM, Pan Card etc.

What is Password-less login and how it actually works

Password-less login is a technique that lets you log in to your accounts without using a password. Companies implement it in several different ways. Let's discuss them one by one.

Sending a Magic Link on the Email:


Some high-profile websites, such as Slack, implement this functionality. You just enter your email address in the login field and the site sends you a magic link that logs you in without a password. Email providers take security seriously, but most of the time email is not encrypted between mail servers, and this poses a significant risk: the token can even be sniffed over an insecure network if basic security protocols have not been implemented.


Sending an OTP via SMS or email:


In this method, the application sends an OTP via SMS or email to the user's registered mobile number or email address. To log in, the user has to enter the correct OTP, which removes the need for a password (it works as a One Time Password), and the user is logged in. If the application lacks basic protections such as rate limiting or a captcha on the OTP, an attacker may brute-force the OTP and gain access to the victim's account.
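The rate limit that this paragraph calls for can be enforced on the server at the point where the OTP is checked. The following is an added example, not code from the original post; the class name, the constants and the in-memory storage are assumptions made for illustration.

```python
import hmac
import secrets
import time

OTP_DIGITS = 6     # assumed code length
OTP_TTL = 300      # assumed code lifetime, in seconds
MAX_FAILURES = 5   # assumed wrong guesses allowed before lockout
LOCKOUT = 900      # assumed lockout length, in seconds


class OtpVerifier:
    """In-memory sketch; a real service would keep this state in a shared store."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}     # user -> (code, expires_at)
        self._failures = {}  # user -> [failed_count, locked_until]

    def issue(self, user):
        """Return a fresh code for the SMS/email sender, or None while locked out."""
        if self._clock() < self._failures.get(user, [0, 0.0])[1]:
            return None  # asking for a new code must not lift the lockout
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._codes[user] = (code, self._clock() + OTP_TTL)
        return code

    def verify(self, user, guess):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'none'."""
        now = self._clock()
        state = self._failures.setdefault(user, [0, 0.0])
        if now < state[1]:
            return "locked"  # even the correct code is refused during lockout
        if user not in self._codes:
            return "none"
        code, expires_at = self._codes[user]
        if now >= expires_at:
            del self._codes[user]
            return "expired"
        if hmac.compare_digest(code.encode(), guess.encode()):  # constant-time compare
            del self._codes[user]  # single use
            state[0] = 0
            return "ok"
        state[0] += 1  # failures are counted per user, across re-issued codes
        if state[0] >= MAX_FAILURES:
            state[:] = [0, now + LOCKOUT]
            del self._codes[user]
            return "locked"
        return "wrong"
```

With these limits an attacker gets five guesses out of a million possible codes per lockout period. A lockout keyed on the account also lets anyone delay that user's login, which is one reason to pair it with the captcha mentioned above.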


Authentication Via Logged in Users:


This is implemented by Google. Let's take an example to understand how it works. Suppose you have an Android device on which you are signed in to your Google Account. As soon as you try to log in from a desktop, Google sends a notification to your Android device asking for approval, and as soon as you approve the request you are automatically signed in to your account. The notification is also used for other verification, for example when you try to sign in from an unknown IP address. For this to work, some conditions must be met, such as your email ID being signed in on a mobile device so that you can approve the login. This seems secure, but it can put your account in jeopardy if someone gets access to your device for just a few seconds.

 

 
