# Passwordless authentication | | **Passwordless authentication** is an authentication method in which a user can log in to a computer system without the entering a password or any other knowledge-based secret. In most common implementations users are asked to enter their public identifier and then complete the authentication process by providing a secure proof of identity through a registered device or token. | |-|-| | | wikipedia:: [Passwordless authentication](https://en.wikipedia.org/wiki/Passwordless_authentication) | > [!summary]- Wikipedia Synopsis > **Passwordless authentication** is an authentication method in which a user can log in to a computer system without the entering (and having to remember) a password or any other knowledge-based secret. In most common implementations users are asked to enter their public identifier (username, phone number, email address etc.) and then complete the authentication process by providing a secure proof of identity through a registered device or token. > > Passwordless authentication methods typically rely on public-key cryptography infrastructure where the public key is provided during registration to the authenticating service (remote server, application or website) while the private key is kept on a user’s device (PC, smartphone or an external security token) and can be accessed only by providing a biometric signature or another authentication factor which is not knowledge-based. > > These factors classically fall into two categories: > > > > Ownership factors (“Something the user has”) such as a cellular phone, OTP token, smart card or a hardware token. > > Inherence factors (“Something the user is”) like fingerprints, retinal scans, face or voice recognition and other biometric identifiers.Some designs might also accept a combination of other factors such as geo-location, network address, behavioral patterns and gestures, as long as no memorized passwords are involved. > > Passwordless authentication is sometimes confused with multi-factor authentication (MFA), since both use a wide variety of authentication factors, but while MFA is often used as an added layer of security on top of password-based authentication, passwordless authentication does not require a memorized secret and usually uses just one highly secure factor to authenticate identity, making it faster and simpler for users. > > "Passwordless MFA" is the term used when both approaches are employed, and the authentication flow is both passwordless and uses multiple factors, providing the highest security level when implemented correctly. [[Passkey (authentication)]] [[Public-key Cryptography]] [[Security Token]] [[Webauthn]] [[FIDO Alliance]]