Beginning in April 2024, Partner Essentials will be shifting to a passwordless login experience.
Passwordless login via an email PIN, or any similar token-based authentication method, offers several security benefits over traditional password-based systems.
Here are some reasons why it's considered more secure:
- Reduction of Phishing Risks: Users are less likely to enter their credentials into phishing sites because they don't have a static password to be tricked into providing. Instead, they receive a unique, one-time PIN or link via email that is much harder for attackers to replicate or intercept effectively.
- Elimination of Weak Passwords: One of the weakest links in password-based authentication is the use of weak, easily guessable passwords. By using a one-time PIN sent via email, the security doesn't rely on the user's ability to create and remember a strong password, thus eliminating the risk of weak passwords.
- Avoidance of Password Reuse: A significant security issue is users reusing passwords across multiple sites, which means a breach on one site can compromise their security on others. Passwordless authentication eliminates this risk by not requiring a password that can be reused.
- Enhanced Security Features: Email-based authentication often comes with additional security checks, such as verifying the device or location from which the authentication request is made. If an unusual login attempt is detected, it can be flagged or blocked, adding an extra layer of security.
- Reduced Risk of Password Theft: Since there's no static password stored on servers or entered by users, the risk of passwords being stolen from a data breach or through malware on a user's device is significantly reduced.
But doesn't two-factor authentication help solve for this? Absolutely, however, there's another side of the coin here - user experience and also supporting the broad range of standard practices from single person nonprofits to those with dozens or hundreds of users. By associating the authentication with the organization's email standards, Partner Essentials can more easily align with the distinct security protocols of a broad audience.
In other words, Partner Essentials becomes as secure as your email account. And everyone will be in their email inbox more often than Partner Essentials making it very convenient for users fetching the PIN without compromising on security.
So here what you need to know.
This login screen will be replaced...
...by this one.
After you enter your Partner Essentials email address, you will advance to this screen.
At this moment, you will have a PIN in your email inbox similar to the following. Enter that PIN into the box above - and you're in!