The Future of Authentication: Passwordless and Proud
Why Passwords Are a Thing of the Past
Imagine a world where remembering complex passwords is a distant memory. A world where phishing attacks are significantly reduced, and data breaches are a rarity. This world is not too far-fetched, thanks to passwordless authentication.
The Rise of Passwordless Authentication
Passwordless authentication is a method of verifying user identities without the need for passwords. This innovative approach has gained significant traction in recent years, and for good reason. According to Gartner, by 2022, 60% of large and global enterprises, and 90% of midsize enterprises, will implement passwordless methods in more than 50% of use cases.
The Statistics Don’t Lie
The numbers are staggering:
- The average financial cost of a data breach is $3.86m (IBM)
- Phishing accounts for 90% of data breaches
- 15% of people successfully phished will be targeted at least one more time within the year
- BEC scams accounted for over $12 billion in losses (FBI)
- Phishing attempts have grown 65% in the last year
- Around 1.5m new phishing sites are created each month (Webroot)
- 76% of businesses reported being a victim of a phishing attack in the last year
- 30% of phishing messages get opened by targeted users (Verizon)
Building a Passwordless Future with Auth0 and React Native
In this article, we’ll explore how to implement passwordless authentication in React Native applications using Auth0. We’ll start from scratch and build a login page that verifies a user’s identity and returns the necessary credentials needed to access the app and perform other actions.
Prerequisites
Before we dive in, make sure you have:
- Prior knowledge of authentication principles (a plus, but not required)
- An Auth0 account (we’ll be using Auth0 as our sole auth provider)
- A Twilio account (for SMS service functionality)
- Node installed on your computer
- The Auth0 React Native SDK and WebView installed
Getting Started
Create a new React Native project using the React Native CLI tool. Install the required dependencies and follow these steps accordingly. Once you have your project created and running locally, let’s install some packages that we’ll need to build the app.
Passwordless Flow Using Auth0
Auth0’s passwordless authentication flow is a two-step verification system that takes a user’s email address or phone number. We’ll focus on the phone authentication flow, which we initiate by requesting a code for the user’s phone number. An auth code is sent to that number, and when the user enters the code, we log them in and return their access and ID tokens based on the specified scopes.
App Configuration
Configure your Android and iOS applications to receive authentication results from Auth0. This configuration makes it possible for Auth0 to communicate with your application and redirect users from the browser back to the app.
Set Up an Auth0 Project
Create an Auth0 account, set up a new project, and enable the passwordless grant type on the dashboard. We’ll also need to enable an SMS connection on the application and configure it with your Twilio credentials.
Create the Auth Component
Create a new file called Auth.js, which will host all our code implementations for this project. We’ll create a new instance of the client to make it available in our application, declare some state variables to track the values that we’ll need access to throughout the app, and implement two functions: getLoginCode() and loginUser().
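A sketch of the two functions named above, added here as an example and not taken from the original article or from Auth0. It assumes `auth` is the `auth0.auth` object of a `react-native-auth0` client (whose `passwordlessWithSMS` and `loginWithSMS` methods it calls); the validation helpers, the 4 to 8 digit code range, the default scope and the offline stub are assumptions made for illustration.

```javascript
// Added example: the two Auth.js steps with input checks before each SDK call.
// `auth` is assumed to be the `auth0.auth` object of a react-native-auth0 client.

const E164 = /^\+[1-9]\d{6,14}$/; // E.164: "+", country code, at most 15 digits
const OTP = /^\d{4,8}$/;          // assumed code length range; match your SMS connection

// Strip the separators users type, then require strict E.164.
function normalizePhone(input) {
  const phone = String(input).replace(/[\s().-]/g, '');
  if (!E164.test(phone)) throw new Error('invalid phone number');
  return phone;
}

// Step 1: ask Auth0 to text a one-time code to the number.
async function getLoginCode(auth, phoneInput) {
  const phoneNumber = normalizePhone(phoneInput);
  await auth.passwordlessWithSMS({ phoneNumber });
  return phoneNumber; // keep the normalized value for step 2
}

// Step 2: exchange number + code for tokens, requesting only the scopes needed.
async function loginUser(auth, phoneNumber, codeInput, scope = 'openid profile') {
  const code = String(codeInput).trim();
  if (!OTP.test(code)) throw new Error('invalid code format'); // reject before any network call
  const creds = await auth.loginWithSMS({ phoneNumber: normalizePhone(phoneNumber), code, scope });
  // Field names assumed camelCase, as returned by SDK v2 and later.
  if (!creds || !creds.accessToken || !creds.idToken) throw new Error('login returned no tokens');
  // Return only what the app needs; never write these values to logs.
  return { accessToken: creds.accessToken, idToken: creds.idToken };
}

// Constructed stand-in for auth0.auth so the flow can be exercised offline.
function makeStubAuth(expectedCode) {
  const calls = [];
  return {
    calls,
    passwordlessWithSMS: async (p) => { calls.push(['start', p]); },
    loginWithSMS: async (p) => {
      calls.push(['login', p]);
      if (p.code !== expectedCode) throw new Error('Wrong phone number or verification code.');
      return { accessToken: 'constructed-access', idToken: 'constructed-id', expiresIn: 86400 };
    },
  };
}
```

In the app, pass the real `auth0.auth` object in place of the stub and keep the returned tokens in platform secure storage, not in plain component state that gets persisted.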
The Future is Passwordless
In this article, we’ve explored the concepts involved in implementing passwordless authentication with Auth0 and Twilio in a React Native application. The possibilities are endless, and we can’t wait to see what you build with it.