Medium and Slack moved away from passwords and here's a reason why you should too!

﻿
Medium and Slack moved away from passwords and here's a reason why you should too!
Turns Out Your Complex Passwords Aren't That Much Safer — Go Passwordless!
﻿
<img data-testid="ImageElementImage" alt="" data-slate-url="https://api.typedream.com/v0/document/public/1e6ce0e1-a9a4-4cfe-8b14-0df5f5b11e52_01Sign-In-with-Email_Phone-1_webp.webp" data-slate-width="559" data-slate-height="332" data-slate-open-in-new-tab="false" data-slate-mobile-hide="false" srcSet="/_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F1e6ce0e1-a9a4-4cfe-8b14-0df5f5b11e52_01Sign-In-with-Email_Phone-1_webp.webp&amp;w=640&amp;q=75 1x, /_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F1e6ce0e1-a9a4-4cfe-8b14-0df5f5b11e52_01Sign-In-with-Email_Phone-1_webp.webp&amp;w=1200&amp;q=75 2x" src="/_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F1e6ce0e1-a9a4-4cfe-8b14-0df5f5b11e52_01Sign-In-with-Email_Phone-1_webp.webp&amp;w=1200&amp;q=75" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" class="css className slate-img" loading="lazy"/>
﻿
If we don't solve the password problem for users in my lifetime I am gonna haunt you from beyond the grave as a ghost pic.twitter.com/Tf9EnwgoZv
— Jeff Atwood (@codinghorror) August 11, 2015 
﻿
Credits: Jeff Atwood https://blog.codinghorror.com/password-rules-are-bullshit/﻿
﻿
The Problem
As mentioned in our previous blog "Passwords Will Be a Thing of the Past", in this blog post we are going to discuss how common password practices have increased friction for the average user and not necessarily made it more secure.
<img data-testid="ImageElementImage" alt="" data-slate-url="https://api.typedream.com/v0/document/public/7234a1b1-adf1-4095-80ec-586bfed61c51_02image_webp.webp" data-slate-width="700" data-slate-height="568.5135135135135" data-slate-open-in-new-tab="false" data-slate-mobile-hide="false" srcSet="/_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F7234a1b1-adf1-4095-80ec-586bfed61c51_02image_webp.webp&amp;w=750&amp;q=75 1x, /_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F7234a1b1-adf1-4095-80ec-586bfed61c51_02image_webp.webp&amp;w=1920&amp;q=75 2x" src="/_next/image?url=https%3A%2F%2Fapi.typedream.com%2Fv0%2Fdocument%2Fpublic%2F7234a1b1-adf1-4095-80ec-586bfed61c51_02image_webp.webp&amp;w=1920&amp;q=75" decoding="async" data-nimg="intrinsic" style="position:absolute;top:0;left:0;bottom:0;right:0;box-sizing:border-box;padding:0;border:none;margin:auto;display:block;width:0;height:0;min-width:100%;max-width:100%;min-height:100%;max-height:100%" class="css className slate-img" loading="lazy"/>
Credits: Jeff Atwood https://blog.codinghorror.com/password-rules-are-bullshit/﻿
Most web/mobile apps have implemented password rules in hopes of increasing their security; however, that is not the case. You can see from the picture above that it's much easier for a computer to guess a short "strong password" rather than a long alphabetical password.
﻿
So instead of creating complicated rules for our users, we have to move on from using passwords.
The Solution
Go password-less. There are several approaches to eliminating passwords and for this blog post, we're going to see how magic links can help decrease friction and increase security for our users.
Here is Cotter's Magic Link authentication flow.
Sign Up/Register
Enter Email or Phone Number
Receive magic link via Email or SMS/WhatsApp
Click the magic link and it will create a new user account
Login (same device or browser)
Enter Email or Phone Number
Authenticate user
Login (different device or browser)
Enter Email or Phone Number
Receive magic link via Email or SMS/WhatsApp
Click the magic link and it will authenticate the user
What's Next?
If you're interested to try out our authentication flow, check out our quick start guides below.
Web: https://docs.cotter.app/sdk-reference/web/web-sdk-verify-email-phone﻿
Angular: https://blog.cotter.app/p/f865ef92-627b-42fe-9fbd-743eac9e0e33/﻿
Gatsby: https://blog.cotter.app/stop-spending-days-to-code-your-login-page-add-cotters-magic-link-to-your-gatsby-app-under-5-minutes/﻿
Next.js: https://blog.cotter.app/p/79ffb2ac-e7d0-4441-bdfe-6359563bea90/﻿
React Native: https://docs.cotter.app/sdk-reference/react-native/react-native-sdk-verify-email-phone﻿
Flutter: https://blog.cotter.app/flutter-email-phone-auth-3-simple-steps-to-log-in-your-users-via-email-sms-and-whatsapp-using-cotter/﻿
iOS: https://docs.cotter.app/sdk-reference/ios/older-versions/ios-sdk-verify-email-phone﻿
Android: https://docs.cotter.app/sdk-reference/android/android-sdk-1﻿
Other Mobile Apps: https://docs.cotter.app/sdk-reference/api-for-other-mobile-apps/api-for-mobile-apps﻿
Questions & Feedback
Come and talk to the founders of Cotter and other developers who are using Cotter on Cotter's Slack Channel.
Ready to use Cotter?
If you enjoyed this tutorial and want to integrate Cotter into your website or app, you can create a free account and check out our documentation.
If you need help ping us on our Slack channel or email us at team@cotter.app.