Why is passwordless authentication not gaining traction?

Question

I play an online mahjong game where users doesn't have passwords. You only need an email account and whenever you want to login you get a one-time code to your email address https://i.imgur.com/RI0PqP3.pngThe whole thing... just make more sense? This is nothing special though, just a regular site but not having a password feels more straightforward.

night-rider · Accepted Answer

> You only need an email account and whenever you want to login you get a one-time code to your email addressAnd what if you lose access to your e-mail? It happened to me a few times and I couldn't log in to various services since their login flow required a 'magic link' sent to my e-mail to login.

sn0w_crash · Answer

A key technical hurdle is that companies need to adopt FIDO2 / WebAuthn standards.
There’s also a user experience hurdle where people claim to feel safer with a password or with MFA.
It’s a combination of technical & messaging.

Why is passwordless authentication not gaining traction?

> You only need an email account and whenever you want to login you get a one-time code to your email addressAnd what if you lose access to your e-mail? It happened to me a few times and I couldn't log in to various services since their login flow required a 'magic link' sent to my e-mail to login.

A key technical hurdle is that companies need to adopt FIDO2 / WebAuthn standards.There’s also a user experience hurdle where people claim to feel safer with a password or with MFA.It’s a combination of technical & messaging.

A key technical hurdle is that companies need to adopt FIDO2 / WebAuthn standards.
There’s also a user experience hurdle where people claim to feel safer with a password or with MFA.
It’s a combination of technical & messaging.