Missing Passwords Report: Zomato

mohit nambiar, AuthEasy
Published Nov 9, 2021 · 3 min read

The Passwordless hype-train is getting stronger by the minute. Hop on!

The shift to passwordless authentication is well and truly happening — it isn’t just a niche experiment on some tinkerer’s project on the web anymore. Apps and platforms like Slack, WordPress and even Craigslist now allow their users to log in without the hassle of remembering passwords. And it’s not just the free-spirited consumer or SaaS players who have embraced passwordless authentication — even a huge enterprise behemoth like SAP recently rolled out a unified user account that authenticates their customers without passwords and allows access to multiple SAP products.

With this Missing Passwords Report series (not Missing Persons Report), I’ll shine a spotlight on companies that have offloaded password management in an interesting way and made passwordless auth a way of life for their users.

In this post, let’s take a look at Zomato — the Indian food-tech startup doing everything from Restaurant Discovery and Reviews (like Yelp) to Online Food Ordering and Delivery (like UberEats; oh wait, Zomato ACTUALLY acquired UberEats India). Zomato has had a great run and is one of the shining examples of the Web 2.0 wave of successful Indian internet startups. They had a successful IPO in the Indian markets earlier in 2021 and things are looking up as they consolidate a large share of the Indian restaurant market.

However, things were not so rosy for Zomato a while back. Having been a long-time customer of Zomato, I remember being quite shocked when news broke about Zomato’s massive user data leak in 2017. Over 17 million user email IDs and hashed passwords were put up for sale on a dark web marketplace. Most mainstream and internet media channels reported this story as a warning sign — the pitfalls of trusting a relatively young startup with your personal data. The narrative was set against the backdrop of data breaches and manipulation like the Cambridge Analytica scandal.

Zomato User Data for Sale on a Dark Web Marketplace in 2017

Zomato, going against the grain, was smart enough to acknowledge the breach in public and get ahead of the problem. They assured Users that the leaked passwords were all hashed and their accounts wouldn’t be compromised, despite the leaked Email IDs. Zomato decided to get proactive and focus on building a better solution to managing user passwords — by going #passwordless and NOT managing any user passwords at all. They decided to lean heavily on Social Account based authentication (Google Accounts) and OTPs or One Time Passwords (via email or SMS).

Zomato primarily offers only two modes of Sign Up. Users can either sign up with their Name + Email ID OR by using a Google Account.

Zomato’s Passwordless Sign Up

For login, Zomato offers two OTP options alongside a Google Account login option. The default login mode is SMS OTP, since there are far more mobile phone users in the Indian market than email users. For users who prefer to log in via email, there is also an email-based OTP login option.

Zomato’s Passwordless SMS OTP based Login alongside Google Account Login
Zomato’s Passwordless Email based OTP Login
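To make the OTP flow described above concrete, here is an added example of a minimal OTP issuance and verification service in Python. It is not Zomato’s code (their implementation is not public) and not part of the original post; the code length, five-minute lifetime, five-guess limit and sample identifiers are all assumptions. It shows the properties a defender wants from such a flow: unpredictable codes, only a salted hash kept server-side (the same idea that limited the damage of the 2017 leak), expiry, a cap on wrong guesses, and single use.

```python
"""Minimal passwordless OTP service (added example; assumptions are marked)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6            # assumed: 6-digit codes, as most SMS/email OTP flows use
OTP_TTL_SECONDS = 300     # assumed: a code stays valid for five minutes
MAX_ATTEMPTS = 5          # assumed: discard the code after five wrong guesses


@dataclass
class PendingOtp:
    salt: bytes
    digest: bytes
    expires_at: float
    attempts: int = 0


class OtpService:
    """Issues one-time codes to an identifier (phone number or email) and verifies them.

    Only a salted SHA-256 of each code is stored, so a leak of this table does
    not reveal usable codes.
    """

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested offline
        self._pending = {}       # identifier -> PendingOtp

    @staticmethod
    def _hash(salt, code):
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, identifier):
        """Generate a fresh code for `identifier`, replacing any earlier one.

        Returns the plaintext code; the caller delivers it over SMS or email
        and must not log it. The service keeps only the salted hash.
        """
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[identifier] = PendingOtp(
            salt=salt,
            digest=self._hash(salt, code),
            expires_at=self._now() + OTP_TTL_SECONDS,
        )
        return code

    def verify(self, identifier, submitted):
        """Return True exactly once for the correct, unexpired code.

        Wrong guesses are counted and the code is discarded after MAX_ATTEMPTS,
        so the six-digit space cannot be searched exhaustively. Expired codes
        are rejected and discarded. Comparison is constant-time.
        """
        entry = self._pending.get(identifier)
        if entry is None:
            return False
        if self._now() > entry.expires_at:
            del self._pending[identifier]
            return False
        if hmac.compare_digest(entry.digest, self._hash(entry.salt, submitted)):
            del self._pending[identifier]   # single use: a replayed code fails
            return True
        entry.attempts += 1
        if entry.attempts >= MAX_ATTEMPTS:
            del self._pending[identifier]
        return False


if __name__ == "__main__":
    svc = OtpService()
    code = svc.issue("+91-0000000000")      # constructed sample identifier
    print("delivered code:", code)          # in production this goes to the SMS gateway
    print("first verify:", svc.verify("+91-0000000000", code))
    print("replay verify:", svc.verify("+91-0000000000", code))
```

The delivery channel (SMS gateway or mail sender) is deliberately outside this class; whatever sends the code should treat it like a credential and keep it out of logs. Per-identifier rate limiting on `issue` is the other control a production deployment adds, so that a number cannot be flooded with messages.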

AuthEasy — Login Auth to be this Easy!

If you’d like to treat your users by making your app’s authentication flow passwordless, we can help! Check us out at https://autheasy.app/ or talk to us at hello@autheasy.app. Make your users experience truly frictionless auth by implementing passwordless auth in minutes using @autheasy. :D
