The end of password pain: building frictionless authentication at the Guardian (theguardian.engineering)

The Guardian Engineering team replaced passwords with short-lived one-time passcodes sent by email across account creation, password reset and sign-in, using a unified identity portal for web and apps. The shift was intended to reduce account-creation drop-off caused by email verification links (including device/deep-link issues) and to lower password-related security risks from stolen credentials. The blog reports that passwordless sign-in adoption grew to about 82% of readers, with account verification failing rates dropping from 17% to 11% after moving from link-based verification to passcodes.