Alternative Authentication Methods

Single Sign-On (SSO)

Multi-Factor Authentication

Passwordless

Biometric Authentication

A Friendly Reminder of Risk

These alternative methods are not sure proof. As with all systems presented, there are always still risks associated with the method. For example, multi-factor auth has and continues to be thwarted with malicious apps on android which used to be able to read SMS messages. Once this vulnerability was discovered, Google changed the permission system to access these messages. However, the adversaries found a new exploit, by reading the message in the notification bar . By combining these methods, and thinking about the most critical parts of the system, you as the developer can minimize risk - but never truly eliminate it.

Additional Readings:

• Oath2
• Auth0 Identity Providers
• Google Identity Platform
• Magic Links
• iOS Biometrics
• Google Authenticator
• Dance Dance Authentication (Enjoy 😊)