How do I log in to my account? A primer on Passwordless Authentication and Two-Factor Authentication (2FA).

Let’s be honest for a second. You most likely use the same password on multiple apps and services or frequently use the trusty Forgot My Password link. Right? Right.

Om Company is the first wills and estate planning document provider in the world to adopt passwordless authentication, as the first of many steps to help customers securely access their data and documents. In place of a username and password, we sign you up and log you back in using your email address, an approach called Passwordless Authentication. It isn’t truly passwordless, though, as we generate a time-based one-time use password (TOTP) which is emailed to you.

How do I log in to my Om Account?

  1. Just enter your email.
  2. Go check your email.
  3. Enter the words you see in your email back on the login page.
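
One way a server could handle the three steps above, as an added example that is not Om's own code. It assumes a random multi-word code with an expiry (not an RFC 6238 TOTP computation); the word list, lifetime, attempt limit and the `EmailCodeStore` name are all hypothetical.

```python
import hashlib, hmac, secrets, time

# Constructed word list for illustration; a real list should hold thousands of words.
WORDS = ["amber", "birch", "cedar", "delta", "ember", "fjord", "grove", "harbor",
         "ivory", "juniper", "kestrel", "lagoon", "meadow", "nectar", "onyx", "prairie"]
TTL_SECONDS = 600   # assumed code lifetime
MAX_ATTEMPTS = 5    # assumed guess limit per issued code

class EmailCodeStore:
    """Issues and checks emailed login codes: hashed at rest, expiring, single use."""

    def __init__(self, clock=time.time):
        self._pending = {}   # email -> [digest, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _digest(email, code):
        # Store only a hash bound to the address, so a leaked table holds no usable codes.
        return hashlib.sha256(f"{email}\n{code}".encode()).digest()

    def issue(self, email, n_words=4):
        email = email.strip().lower()
        code = " ".join(secrets.choice(WORDS) for _ in range(n_words))  # CSPRNG
        # Issuing again replaces any earlier code for the same address.
        self._pending[email] = [self._digest(email, code),
                                self._clock() + TTL_SECONDS, MAX_ATTEMPTS]
        return code  # sent by email only, never displayed on the login page

    def verify(self, email, submitted):
        email = email.strip().lower()
        entry = self._pending.get(email)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]      # expired or guess limit reached
            return False
        entry[2] -= 1                     # count every attempt before comparing
        candidate = self._digest(email, " ".join(submitted.lower().split()))
        if hmac.compare_digest(digest, candidate):   # constant-time comparison
            del self._pending[email]      # single use: a replayed code fails
            return True
        return False
```
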

At Om Company, we call ourselves The Peace of Mind Company. We feel it is our duty to use the opportunity of a customer signing up with us to help them learn about and secure their digital lives, just as they are securing their real lives using our estate planning and wills service. We are therefore embarking on a grass-roots effort to encourage our users and customers to set up two-factor authentication (2FA) when they sign up for our services, and we create educational content on how to further secure email accounts, with yearly reminders.

The benefits of this method

  1. Ease of use. Users that access an app or service provider infrequently are likely to attempt to enter the correct password multiple times or use the “forgot my password” link, which sends a link to reset the password to the email on file. Without the need to remember passwords, users have one less step to access their accounts.
  2. Secure. Because no passwords are stored, a breach of the service provider exposes no password hashes (or, in some poorly designed systems, plaintext passwords), leaving the user’s other accounts secure.
  3. Proliferates 2FA. Service providers that opt for the simplest form of Passwordless Authentication, as Om has begun with, are using their engagement with the user to educate and encourage them to set up simple two-factor authentication, such as SMS, and then embarking on a journey to educate users about time-based one-time passwords (TOTP) and hardware authentication keys, such as those supported by Google and Microsoft.

The drawbacks of this method

These drawbacks are not limited to Om’s Passwordless Authentication service, but apply to all username and password setups where an email is compromised.

  1. Only as secure as your email. If you use the same password for your email as other services, or do not frequently change your password, you are at risk of losing access to your accounts, regardless of whether they use Passwordless Authentication like Om or not. Nefarious actors who have access to your email can use the “forgot my password” links to request access to your accounts.
  2. Confusing at the beginning. Users have been trained to register with a username and password since the early days of the internet, and changing this behaviour is a long road. A small subset of users may be confused about how to log in.