Ah, passwords. Unlivable, but irreplaceable, as Sabina would say. For Spotify they certainly are, because it wants to get rid of them. In a message it is sending to its users, it warns them that username-based logins will stop working on September 1, 2026.
Enough with the username and password. The company’s message is striking and breaks with a tradition that is the norm practically throughout the industry: if you want to access a service on the Internet, you normally log in with the traditional username-password pair.
Existing alternatives. Spotify currently offers various ways to log in. This can be done with a username and corresponding password, with an email address and password, or through associated Google or Apple accounts.
From now on, use email. The company’s notice only refers to the username option as the one that will be removed, and it does not appear that other forms of login will be removed. In the message they do indicate that “Instead, you will be able to log in with your email.” And you know what? It is a great idea.
Long live passwordless authentication. In recent years, an authentication system that stops using passwords and focuses on other methods has been gaining strength:
- Magic links: the user enters their email address, and the system sends a unique URL to that email. As soon as the user clicks on the link, a tab opens in the browser showing that the user has been authenticated using that link.
- One-time passwords: instead of having a permanent password, the user enters their email address and in a few seconds receives a code (usually numerical, for example six digits) that they must enter in the application or web service. Once entered, authentication is completed.
Many advantages… This type of email authentication eliminates the need to memorize passwords or manage them with a specialized application. It also keeps our data from being part of those traditional and disturbing massive password thefts, and it is a very simple alternative for the user. No brute-force attacks, weak passwords or reusing the same password for everything. And of course, no more changing them every so often.
…and some disadvantages. The downside is that the security of the method depends exclusively on the email address. If someone hacks the user’s email, they will have access to all accounts linked to that email address. This method is also vulnerable to advanced phishing attacks: a fake website that imitates the design of a legitimate one can ask the user to enter their email, request the real code from the legitimate server, and then ask the user to enter it on the fake site instead (man-in-the-middle attacks).
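
As an added illustration (not Spotify’s implementation and not code from the original article), here is a minimal server-side sketch of the one-time-code login described in the list above, with the checks that make a six-digit code safe to accept: a short lifetime, single use, and a cap on wrong guesses. The class name, the 300-second lifetime and the five-attempt limit are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed before the code is discarded (assumed)


class EmailCodeLogin:
    """In-memory sketch of the server side of an email one-time-code login."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # server secret used to MAC codes
        self._pending = {}                   # email -> [mac, expires_at, attempts_left]
        self._clock = clock

    def _mac(self, email, code):
        # Store a keyed MAC, not the code: six digits are trivial to recover
        # from a plain hash if the pending-code table leaks.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email):
        """Create a fresh six-digit code; the caller emails the returned value."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, zero-padded
        # A new request replaces any older code for the same address.
        self._pending[email] = [self._mac(email, code),
                                self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, email, submitted):
        """Return True once for the right code, within TTL and attempt limits."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        mac, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[email]          # expired: drop it
            return False
        entry[2] -= 1                         # every submission costs an attempt
        ok = hmac.compare_digest(mac, self._mac(email, submitted))
        if ok or entry[2] == 0:
            del self._pending[email]          # single use, or guesses exhausted
        return ok
```

These checks stop guessing and reuse of an old code, but they do not stop the real-time phishing relay described above, because the relayed code is valid when the fake site forwards it.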
