Why PasswordLessAuth?


Better for the users

Users don't want to remember passwords. That's a fact.

The truth is, passwords are insecure precisely because of that. Studies show that most users use the same password for all their services (including bank accounts or sensitive information sites). Furthermore, most users choose weak, easy-to-remember passwords.

However, common alternatives to passwords like Social Login and OAuth in general also have their problems:

- To begin with, they force users to have an account with an external service, usually a social network. Some users are just not OK with that.

- They don't provide real authentication, only authorization.

- The privacy of the users is in the hands of companies like Facebook or Google.

- The user experience is bad for modern mobile applications (i.e., switching back and forth between your app and the browser).

PasswordLessAuth tries to address all those problems by providing a simple, seamless authentication mechanism that's user friendly and removes passwords from the equation.

Better for developers

PasswordLessAuth wants to offer developers a better solution than OAuth, the de facto standard for Social Login today.

To begin with, OAuth is not a real authentication system. It does not provide authentication, but authorization.

This difference is important. With OAuth, you can affirm that someone has authorized your application to access some data from an authentication service in the past, but you haven't actually authenticated the user. The authentication of the user depends on a third-party company (like Facebook), and you have no control over how strict this authentication is, or whether a real authentication is enforced once the user has already signed in before.

This also means that, at most, OAuth will give you a pair of tokens from a third-party service. What you do with them is not specified in the protocol. Thus, the most important part of the authentication process is undetermined and left to the developer (sometimes resulting in poor authentication practices).

Additionally, OAuth is hard for developers to understand. It's a complicated and certainly outdated protocol. I have worked with OAuth extensively throughout the years, so this is a justified statement. Not a single developer will tell you that they had a great time implementing or integrating OAuth in their apps.

Furthermore, OAuth is terrible for the user experience within modern mobile applications. The authorization of the user happens in a browser window. On many Android and iOS apps, that means switching to the browser or opening a browser within your application, completely ruining the user experience.

Finally, for some developers, leaving the authentication of your users to third-party companies like Facebook, Google or Twitter poses some important security and privacy concerns.

The PasswordLessAuth protocol

Some Advantages of PasswordLessAuth over OAuth


Real authentication, not authorization

Thanks to its asymmetric cryptography protocol, both the frontend application and the backend will irrevocably identify themselves.


Enforced user authentication

The PasswordLessAuth strict authentication mode makes use of the device's biometric sensors to further enforce the identification of the users.


Mobile friendly, integrated experience

PasswordLessAuth has been designed for modern mobile apps, with the user experience in mind. The authentication occurs entirely within the app.
