Passwordless authentication is a means to verify a user’s identity, without using a password. Instead, passwordless uses more secure alternatives like [[Authentication Factors#Possession Factor]] ([one-time passwords [OTP]](https://www.onelogin.com/learn/otp-totp-hotp), registered smartphones), or biometrics (fingerprint, retina scans).^[[The Truth About Passwordless Authentication | OneLogin](https://www.onelogin.com/learn/passwordless-authentication)]  ## What are the Types of Passwordless Authentication? Passwordless authentication can be achieved in many ways. Here are a few: - **Biometrics:** Physical traits, like fingerprint or retina scans, and behavioral traits, like typing and touch screen dynamics, are used to uniquely identify a person. Even though modern AI has enabled hackers to spoof certain physical traits, behavioral characteristics still remain extremely hard to fake. - **Possession factors:** Authentication via something that a user owns or carries with them. For example, the code generated by a smartphone authenticator app, OTPs received via SMS, or a hardware token. - **Magic links:** The user enters their email address, and the system sends them an email. The email contains a link, which when clicked, grants access to the user.