From the beginning of online accounts, we had passwords. Then we got “I forgot my password”. Password recovery processes were developed to reduce support fatigue. The most popular recovery mechanism is a link with a password reset token sent to the user by email. Then we got “I didn’t get the email”. To help mitigate email delivery issues, the online account registration process required a confirmed email address before access is granted. This discourages users from registering because they fear their email address will be sold, stolen, shared, or abused by email spammers. If passwords are removed, the email address can become optional.

The Users Without Passwords Project (UWPP) is the source code for UsersWithoutPasswords. Com. The UWPP is developed with Visual Studio 2022 and the MS Long Term Support (LTS) version .NET 8.0 framework. All Errors, Warnings, and Messages from Code Analysis have been mitigated. The UWPP implements WebAuthn, also known as FIDO2, instead of passwords. Windows Hello implements authentication with an IR webcam for facial recognition, a fingerprint scanner, or just by setting up and using a PIN. See Learn about Windows Hello and set it up.

I developed KH Authenticator, an application which registers and authenticates a user without a password or email address. The authentication process qualifies as multifactor. The application is installed on something you have. To access the online account, you must provide a PIN (something you know) or a recognized fingerprint scan (something you are). The KH Authenticator application is developed with Visual Studio 2022 and .NET MAUI and is available for Windows and Android. See KH Authenticator Server. Version 2.x and above of the UWPP implements the KH Authenticator API.

The UWPP was initially developed back in 2021 with framework .NET 5.0. Version 2.x of the project integrated the ASP.NET Core 6.0 - Homegrown Analytics Project and implements multiple email addresses per user. I enabled the nullable context and mitigated all warnings and issues. See Nullable reference types. The latest version of the UWPP is published at UsersWithoutPasswords. Com. I encourage you to download the KH Authenticator App. Use the app to register a user without a password or email address. Then authenticate a login with the app. The project supports multiple KH Authenticator apps and multiple FIDO2 authenticators. Users can self-manage authenticators in Manage Account. Admins can list users, authenticators, and histories.