Q: What authentication technology do big consumer apps use?
Passwords are no longer a reliable way to keep users secure. Many new and rising authentication technologies are available. I’ve been digging this topic and I’d love to share my findings, which could be useful for product designers and builders.
Method 1: Magic links (sign up and login)
Magic links are a passwordless way to authenticate users. After signing up, you’ll get an email with a link where you can click to authenticate yourself. Some companies like Slack, by default, don’t ask users to put in a password. This way, the company has less liability for making your password secure.
- User flow: Sign up/login → get a link on email → click the link → done
- Ideal for: sign up and sign in.
- Key benefit: users don’t store any passwords on your database. Less liability.
- Companies that use this method: Medium, Slack, Notion
Method 2: Passkey to login without password (login)
I noticed Google and GitHub have been pushing this new passkey technology recently. It’s a simple and secure alternative to passwords. When you sign in to your account, Google will ask you to scan your face or fingerprint on your other devices to confirm that you are who you say you are. This is another form of two-factor authentication. KAYAK claimed they’d improved their security after implementing passkey (link).
- User flow: sign in → verify using fingerprint or face ID → done
- Ideal for: sign-in, preventing phishing
- Key benefit: login without password, but verify using another device
- Keyword to look: passkey, passwordless
Method 3: Biometrics authentication instead of PIN (Open app)
In the past, many banking or fintech apps required users to enter PINs for extra security. But now biometrics like face ID and fingerprints have become a default way to “open the app.”
- User flow: open the app → face ID / fingerprint → done
- Ideal for banking, financial services, healthcare, or apps requiring extra security before users can open them. Apps like banking usually store sensitive information.
- Key security benefit: users can open the app quickly—better experience for users, but still have extra security.
- Companies who use this: Apple, Samsung, GoTrade, Wise, PayPal
Method 4: Phone number as an identifier (Sign up and login)
Many apps uses phone number as the unique identifier. WhatsApp is the first one popularize this approach. The obvious benefit is non-tech savvy people don’t have to remember usernames or passwords.
- Observation: all communication apps are using phone number as the only unique identifier.
- Key security benefit: Phone numbers are difficult to steal, unlike emails. When people noticed their phones are stolen, they can take action. So a lot of consumer apps these days utilizing this as the authentication method.
- Companies who use this: WhatsApp, Telegram, Wise, Tinder, Clubhouse
On two-factor authentication
A lot of apps has already integrated two-factor authentication. This is widely adopted authentication method. So I’m not gonna talk about it.
This is originally posted on my newsletter
Follow me on LinkedIn or Twitter
Top comments (0)