Password-less Authentication is a way to authenticate yourself with a service (e.g. to log in to a service). Instead of using a password, you use an external hardware device (a USB key) or some built-in feature like a fingerprint reader. As no password is used, we call it "password-less".
The relatively new standard that is used for this is called WebAuthn or FIDO2. It is supported by industry leaders like Google and Microsoft and is built into recent browser versions of Google Chrome and Microsoft Edge, among others.
Password-less authentication is much more secure than using passwords, as it combines the use of a physical device (which has some unique key and the ability to securely authenticate with a service) with some personal knowledge like a PIN code or a personal feature like a fingerprint.
So while passwords can be stolen or guessed (and used remotely), it is much harder for someone to get hold of both the piece of hardware and the personal knowledge or feature (PIN code or fingerprint).
Even strong passwords used in combination with 2FA codes (like what we support with the Google Authenticator app on the phone) are less secure than password-less (WebAuthn or FIDO2). Hackers could steal your mobile phone number remotely and get access to your email account and then reset your password and get into your account.
So how do you enable this password-less login?
You need the following items to use password-less login with MyRapidi:
- A browser that supports FIDO2. In general, the latest versions of Google Chrome, Safari, Firefox or Microsoft Edge, see here for more details.
- A hardware key (like YubiKey) or a biometric device like the built-in fingerprint reader in your laptop or mobile device.
Then, to set up password-less authentication in MyRapidi:
- Go to Settings -> Password-Less (WebAuthn). MyRapidi will check if your browser is supported (if it is not supported, you will get a message about this).
- Enter a Nickname for your key (for example: "Michael's Yubikey").
- Check the box "passwordless".
- Press "Add Security Key".
- Follow the steps provided in the popup browser window.
If the key is successfully added, you will see it in the list of active Security Keys.
We recommend that you add at least two different devices so that you have a device that you normally use and a backup device.
If you do not check the box "passwordless", the key will instead be used as a secure 2FA device. In this case you still have to enter your password, and you then have a more secure second-factor authentication that will be asked for after the password.
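The difference between the two modes shows up in the WebAuthn authenticator data a service receives at login. The following is an added example, not MyRapidi's code: it enforces "PIN or fingerprint was checked" for passwordless and "key was touched" for second-factor use. The mode names, function names and sample bytes are assumptions made for illustration, and signature and challenge verification are assumed to happen elsewhere.

```javascript
// Authenticator data layout (WebAuthn): rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | ...
const FLAG_UP = 0x01; // user present: the key was touched
const FLAG_UV = 0x04; // user verified: PIN or fingerprint checked by the authenticator

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = bytes[32];
  return {
    rpIdHash: bytes.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// mode is a hypothetical policy name: "passwordless" or "second-factor".
function checkAssertionPolicy(bytes, expectedRpIdHash, mode) {
  if (mode !== "passwordless" && mode !== "second-factor") {
    return { ok: false, reason: "unknown mode" };
  }
  const data = parseAuthenticatorData(bytes);
  const sameRp = data.rpIdHash.length === expectedRpIdHash.length &&
    data.rpIdHash.every((b, i) => b === expectedRpIdHash[i]);
  if (!sameRp) return { ok: false, reason: "rpIdHash mismatch" };
  if (!data.userPresent) return { ok: false, reason: "user not present" };
  // Without a password, the PIN or fingerprint is the only "something you know/are" factor.
  if (mode === "passwordless" && !data.userVerified) {
    return { ok: false, reason: "user verification required for passwordless" };
  }
  return { ok: true, reason: "policy satisfied", signCount: data.signCount };
}

// Constructed sample input: the rpIdHash is a placeholder (0xAB repeated), not a real SHA-256 value.
const SAMPLE_RP_HASH = new Uint8Array(32).fill(0xab);
function sampleAuthData(flags, signCount) {
  const out = new Uint8Array(37);
  out.set(SAMPLE_RP_HASH, 0);
  out[32] = flags;
  new DataView(out.buffer).setUint32(33, signCount, false);
  return out;
}

const touchOnly = sampleAuthData(FLAG_UP, 7);             // key touched, no PIN/fingerprint
const touchAndPin = sampleAuthData(FLAG_UP | FLAG_UV, 8); // key touched and PIN/fingerprint verified
console.log(checkAssertionPolicy(touchOnly, SAMPLE_RP_HASH, "passwordless"));
console.log(checkAssertionPolicy(touchOnly, SAMPLE_RP_HASH, "second-factor"));
console.log(checkAssertionPolicy(touchAndPin, SAMPLE_RP_HASH, "passwordless"));
```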