Passwordless authentication verifies a user’s identity using something they have (such as a mobile device) or something they are (such as a biometric).
In a passwordless authentication system, attackers simply can’t use passwords to login because they don’t exist in any form, including initial sign-in or as a retrieval method stored by the site or service owner. And even the most secure password can still be compromised if it’s snatched in a data breach, an occurrence that is all too frequent and completely out of the account holder’s control. My assistant said that he has so many variations on his original password that it is impossible to remember which version unlocks which account. You may need to use multiple symbols, numbers, upper and lowercase letters and you can’t reuse a previous password for an account. You’ve no doubt struggled with creating and remembering ever more complex passwords, one for each account you use.