Passwordless company claims to offer better password security solution

Stytch's business is getting rid of passwords, so why is it trying to "modernize" their use?


Stytch, a company founded to spread the adoption of passwordless authentication, has announced what it's calling a modern upgrade to passwords. The cloud-based solution addresses four common problems with passwords that create security risks and account friction.

  • Password reuse. When someone tries to access an account covered by the Stytch solution, the password is automatically checked against HaveIBeenPwned, a dataset of 12 billion compromised passwords. A password reset is automatically triggered if the password is in the dataset.
  • Strength assessment. When someone creates a password, its strength is automatically assessed using Dropbox's zxcvbn password strength estimator, and a suggestion is made to choose a stronger password.
  • Account de-duplicating. Users might forget what authentication method they used to access their account. Did they use Facebook or Google? Did they use an email address? Choosing the wrong method can result in creating a duplicate account. Stytch prevents that by permitting an email login that allows an account to be accessed regardless of the original authentication method.
  • Better reset. Someone wants to access their account, but their password isn't immediately available. Rather than forcing a password reset, Stytch offers an email alternative that lets the user access the account without one.
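
The breach check in the first bullet can be done without sending the password, or even its full hash, to the lookup service. The following is an added example, not Stytch's code or anything from the article: it assumes the Pwned Passwords range-query format (SHA-1, five-character prefix sent, `SUFFIX:COUNT` lines returned), and the function names, the fail-open choice and the stand-in response are constructed for illustration.

```python
import hashlib

def range_query_parts(password):
    """Split the SHA-1 of a password into (prefix sent, suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Look for our suffix in the 'SUFFIX:COUNT' lines returned for the prefix."""
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)  # padded responses carry count 0: not a hit
    return 0

def login_decision(password, fetch_range):
    """Return 'force_reset' for a breached password, else 'allow'."""
    prefix, _ = range_query_parts(password)
    try:
        body = fetch_range(prefix)  # only 5 hex characters leave the server
    except OSError:
        return "allow_unchecked"  # assumption: fail open and log, do not lock users out
    return "force_reset" if breach_count(password, body) > 0 else "allow"

def constructed_fetch(prefix):
    """Constructed stand-in for GET https://api.pwnedpasswords.com/range/<prefix>."""
    sample = {"password": 12345, "hunter2": 17}  # constructed counts
    lines = ["0" * 34 + "A:3"]  # constructed unrelated suffix
    for pw, seen in sample.items():
        p, s = range_query_parts(pw)
        if p == prefix:
            lines.append(f"{s}:{seen}")
    return "\r\n".join(lines)

if __name__ == "__main__":
    for pw in ("password", "Constructed-unlisted-passphrase-93"):
        print(pw, "->", login_decision(pw, constructed_fetch))
```

A production caller would replace `constructed_fetch` with an HTTPS request and decide deliberately whether a lookup failure should allow or block the login.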

Enthusiasm, hesitancy for passwordless authentication

Stytch co-founder and CEO Reed McGinley-Stempel explains that his company was started with a negative view of passwords. "We still have a negative view of traditional password systems and a lot of the assumptions baked into them," he says, "but if you're a passwordless company that wants to drive passwordless adoption, you can't ignore password innovation."

"There's a lot of enthusiasm for passwordless, but there's also a lot of hesitancy by organizations to take all their users passwordless," McGinley-Stempel continues. "They don't know if all their user demographics will enjoy passwordless or will they end up with customer experience and support issues. Because passwords and passwordless are going to live alongside each other for the next few years, we want to modernize the password so the greatest security concerns about it are addressed."

Passwords are inconvenient

Although the Stytch solution addresses the problems of weak and compromised passwords with well-established tools, it doesn't entirely address the password reuse issue, because it doesn't detect passwords that are used multiple times but aren't compromised. "Only the end user knows what passwords they have used for all their services," says Simon Davis, vice president of marketing for RoboForm, a maker of password management software.

While the elimination of passwords has been predicted for many years, the curtain may finally be coming down on the practice. "We're seeing more and more solutions—especially on the biometric side—being promoted by the major players—Microsoft, Google, Apple. That, and a combination of factors, can eliminate passwords," says Avi Turgeman, CEO and co-founder of IronVest, an account and identity security company. "I think we should get rid of passwords for security reasons, but the reason they will be eliminated is because they've become inconvenient. The convenience of biometrics on phones will spread to the desktop and then we'll be in a position to eliminate passwords."

Copyright © 2022 IDG Communications, Inc.
