 Want to know how to give your users the best login experience possible? Well, in this video, I'm going to show you how to use device biometrics as part of your login flow so that your users can log in without a password. All right, so let's start by addressing the elephant in the room, or the hypothetical elephant in the room. And that's the fact that passwords are not so great. Now first let's say and recognize that passwords are an integral part of how we function every day. If we log into our apps with username or email and password, that's what we're mostly used to in terms of authenticating to get into an application. But that doesn't mean that passwords don't come with downsides. The biggest thing is we have lots of different accounts. If you counted the total number of accounts you have, it may be 50 or 100 or something really big like that. And to make remembering your password really easy, what do we do? Well, we create really small passwords and then we tend to reuse those across platforms which makes us really, really vulnerable. If our password gets leaked, that means it can be used with credential stuffing and a lot of different applications. Now there's another downside to passwords is that they're expensive to manage. Something as simple as a password reset takes development time to build that flow and then it also occasionally takes time from an IT administrator to approve and trigger that flow for you to reset. Not to mention this is not a great user experience. It's probably been through a password reset and it takes time and effort that you may not really want to do. So how do we get around the fact that passwords are just not that great? Well, I want to introduce you to a relatively new method for authentication which is called Web Authent. Now Web Authent allows you to authenticate with two different ways. One is with a roaming authenticator, a physical device, something like a UB key. Now the second authentication method is platform authenticators. This is something that you would use to authenticate on your laptop, on your phone, something like that. And now we can get into device biometrics where we can log in with a fingerprint. Probably done that on your phone, maybe your laptop and it's a very convenient way to authenticate and log in to your apps. Now it's interesting to note how Web Authent works here. It allows the device and the browser to build a trusted relationship and create public private key payers so that they can understand each other and authenticate whatever that biometric sensor is that you're using to prove that you are who you are. Now one additional important note is that biometric info is never sent directly to the authentication platform. That is handled between the device and the browser. You don't have to worry about all zero in this case having all of your actual fingerprints or retina scans or something like that. So Web Authent is really neat for a few different reasons. It has a better completion rate than average than other authentication methods and it also has a lower time to complete. So typically it's faster to be able to log in with that fingerprint than a type in a username or email and password. And another fact Web Authent covers two factors. You may have heard of this before. There's kind of three different ways that you can prove you are who you are. Something you know, something you have, and something that's inherent or intrinsic about you. So something you know would be a password. Something you have would be a device. Something you are or something that's intrinsic to you could be your fingerprint, your biometrics. So Web Authent actually covers two of those things. Something you have in the device and then something you are that's intrinsic to you in your fingerprint or your biometrics. So let's go ahead and see this in action. In the all zero dashboard we'll be able to go in and configure device biometrics and I'll show you how I can log into an application with just my fingerprint. All right, so I'm starting here in the all zero dashboard and I've got an application created called device biometrics demo and it is a next JS application. So if you're curious on how to set up this application that we're going to be working with, there's a link in the card above to set that stuff up in next jazz. But if you download the source code, it's more or less taken care of for you. And that's what I've got running here. So after I downloaded this sample project, I've got it locally, I've installed the packages and I'm running it and that's where I get this application. Now, by default, when I click on log in, what's going to happen is it's going to prompt me for an email password or if I have social connections with GitHub and Twitter or Google, things like that, I would see those options. But in this case, I have those not configured. So I'm just going to log in with my email and password here. Now, if you're going through this for the first time, you might need to click the sign up to actually create your account. But I've already got an account that's been created here. So after I continue and go through this, finish this login process, notice that it shows my profile picture. I can go to the profile page and see some information about myself. So I am, in fact, logged into this app. Now, what if I wanted to forgo or bypass that password requirement? Well, inside of the dashboard here, I can go to authentication and then come down to authentication profile. And so the profile here is basically how is the user going to identify themselves? Well, what we've been using is identifier and password, identifier being email, password being, you guessed it, the password. But in this case, we want to switch this to be identifier first and biometrics. And what this means is you'll enter your identifier, which is an email. And then if you're on a device that has already been registered with biometrics with all zero with this application, you'll be allowed to log in that way instead of your actual password. So let's go ahead and save this. And the neat thing about this is this will use kind of progressive enrollment. What that means is if I log out and try to log back in, I haven't connected any physical UB keys or device biometrics to this application yet. But it's going to recognize that and then ask me if I want to. All right, so I'm going to go through the login experience again. It should look more or less the same as what it has before. So we'll start with our email, then it will prompt us for the password. But then it's going to recognize that I have not yet taken advantage of device biometrics, so it's going to give me an option and say, do you want to log in on this device faster? So if I say continue, now it's going to let me use the fingerprint on my Mac. It's going to save that information as well as the device. And that means that on this computer, I can use my fingerprint to log into this application going forward. So if I come back and log out and then go through this login experience again, I can get to the point where now I enter my identifier and I don't have to give a password at all. I can continue to use my fingerprint. So you might be wondering or you might be calling out, yes, I didn't have to use a password, but at some point I did. Well, we actually have to have a user account created first. And then we can register the devices after to enable that login without a password. All right, if you're interested in giving this a shot, there's a link below to sign up for a free account in all zero where you can try this out in a few minutes, just like we did here. Let us know if you have any questions and the comments below. Thanks as always for checking out the video and we'll catch you next time.