No one likes having to remember a ton of logins and passwords, but the need to authenticate ourselves is a necessary evil in order to distinguish ourselves from the billions of other users connecting to the same apps and services we are. But could there be a better, or at least an easier, alternative to having users remember all those account details? Facebook thinks so, and it’s turning two-factor authentication on its head for its new Account Kit login system.
With standard two-factor authentication, you may log into an online service with your username and password, before being prompted to verify yourself further by inputting data sent to you over text message. Account Kit trades security for convenience by logging you in via text message alone.
To do so, an Account-Kit-connected app just asks users for their phone number – type that in, and you’re sent an SMS with an authentication code for you to enter. There are no separate usernames or passwords to deal with; by controlling your phone, you control access to your account.
Similar to this SMS-based scheme, Account Kit also allows users to log in with only their email addresses. Again, Facebook delivers a confirmation code to the provided account, allowing users to prove that they’re in control of it. And if neither of those options is working, users can authenticate themselves via Facebook notification.
Does Facebook Account Kit sound like a step backwards in security? Perhaps, but for apps and services where security isn’t vital in the first place, the convenience factor could be a big draw. Facebook is letting devs implement Account Kit for free, but processing more than 100K logins a month will cost them.