Login “Auth” to Be Easier

You finally nailed it! You found the next billion-dollar idea, ran some surveys, and got positive feedback. You are really excited about this idea and want to get started, pronto! But wait, before you build your product, you need to develop the dreaded authentication infrastructure *sigh.*

Most teams start their product journey by building user infrastructure. They spend tons of time deciding how their users will log in/ sign up for their new product. Typically, this starts with the product manager deciding if they want the user to use a username, email, phone, or social account (Google, FB, etc.) to log in. Then the engineer (or the engineering team) designs the database tables, the various APIs necessary, and finally starts writing code. This could take anywhere from hours to days.

The development process gets more complex and time-consuming if they want to use SMS, WhatsApp, or Social Accounts for authentication. Before writing any code, the engineer needs to research and understand the Google APIs, Facebook APIs, SendGrid APIs(Email), Twilio APIs (for SMS), WhatsApp Business APIs, etc. There is also some non-dev work required to get these APIs to work. For instance, if a team wants to use SMS and send a One-Time-Password to verify the phone number, they need to:

• Set up a Twilio account, Buy a Phone Number, Get Approval for the US phone number — takes 1–3 days.
• Get 10DLC Subscription (to be able to send bulk messages) — takes up to 1 week.
• Get a ShortCode — takes up to 12 weeks
• Provide business documentation (like incorporation etc.) — not all teams have this information when they start.

If the team would like to use WhatsApp to verify the phone number, it could take up to 6 weeks or more. Teams cannot directly work with WhatsApp’s APIs; instead, they need to work with a Facebook Solution Partner. They need to set up meetings and explain the use case before the partner and Facebook can approve the use of the APIs.

The user infrastructure work doesn’t end with login and signup. The engineer needs to build flows if the user forgets their password or wants to reset their password. Additionally, the engineer needs to develop flows to verify the email or phone that the user uses to authenticate. All this while zero effort goes into building the team’s core product.

Let’s assume that the team successfully navigates through these infra hurdles and finally launches the product. Their troubles with user infrastructure don’t end here. The Open Web Application Security Standard (OWASP) recommends that all passwords be considered “pre-breached” because 81% of internet breaches involve weak or stolen passwords, which means teams need to ask their users to set a complex password. This adds friction to the signup process and increases the bounce rate. On the flip side, users don’t always remember complex passwords, putting pressure on the team’s support infrastructure. According to a Gartner Group report, between 30% and 50% of all IT help desk calls/tickets are for password resets. All in, a single password reset request costs companies an average of $70 — factoring support costs and losses due to user inactivity. Finally, teams also need to spend time/effort maintaining this user infrastructure (including QA, site reliability, and security audits) to protect their products from any breaches. Data breaches can cost companies anywhere between $1.25 million to $8.19 million per breach (averaging about $150 per record), depending on the country and industry.

Enter AuthEasy

We made AuthEasy because we think:

• Teams spending time on “figuring out authentication infrastructure” sounds like misplaced prioritization.
• Users being held responsible for setting complex passwords sounds like poor UX.
• Passwords will cease to exist in the future.

With AuthEasy, teams can set up password-less login/signup for their applications in a matter of minutes. Teams can choose to enable one or more authentication methods, including

• 📧 Email: an email with a unique link used to login
• 📲 SMS & WhatsApp: a passcode used to login
• 😎 BioMetric/Facial Recognition: logging into an app is as simple as unlocking a phone
• ⛓️ Blockchain: allows decentralization of user identity and authentication

AuthEasy takes care of the authentication infrastructure and lets teams focus on building their product.

We developed AuthEasy first and foremost for our products (See how one of our products uses AuthEasy). Like teams out there, we like to experiment and launch new products, and authentication was one of the first pieces of code we wrote each time we started working on a new product. AuthEasy was an effort to unify the authentication code, and we realized others might need it too, so we built it out as a separate product.

We offer three AuthEasy solutions :

• Developer Friendly: APIs, SDKs, and Documentation for developers to copy-paste into their code, all while keeping their own design.
• No-Code: Links that no-coders can paste into their apps.
• Hybrid: For teams that want our APIs but don’t want to build the UI for authentication.

Interested in learning more? Come check us out at AuthEasy .

Watch this blog for more updates about AuthEasy as we transition the world into a password-less future.