Passwordless Login

Passwordless login is a way to verify a shopper’s identity without using a password. It offers protection against cyberattacks, such as phishing and brute-force password cracking. Passwordless login systems use authentication methods that are more secure than regular passwords, including one-time passwords (OTPs) and passkeys.

The Shopper Login and API Access Service (SLAS) supports multiple passwordless login methods:

• Passwordless Login with One-Time Passwords using Callback URI: Send an 8-digit, time-based OTP to your shopper for authentication. To use this method, you must have:
  • A publicly accessible callback URL, such as a B2C Commerce instance, Managed Runtime environment, or your own server.
  • A mechanism to share the passwordless token to the shopper, such as email or SMS.
  • A SLAS private client configured to work with passwordless login.

• Passwordless Login with SMS Service Provider: Send a verification code to shoppers via SMS. To use this method, you must have an SMS service provider such as Marketing Cloud or Amazon SNS.
• Passwordless Login with Passkeys: Authenticate your shoppers using Fast IDentity Online 2 (FIDO2) credentials, also known as passkeys. To use this method, you must have a client-side implementation to serve as the interface for calling the browser’s WebAuthn API. Passkeys are supported for both SLAS private and public clients.
• Passwordless Login with Email: Send registered shoppers an OTP via email. To use this method, you must configure a SLAS private client to work with passwordless login. No third-party integration is required.