Passwordless login became the main login for VKontakte users

VK ID has updated the authorization process for VKontakte users. Passwordless login methods will become the main method of authorization through VK ID – this will provide additional protection of accounts from password cracking. Users will be able to choose their own way to log in to their accounts: by code from SMS or call-reset, by face or fingerprint with OnePass, by QR code or push notification, or with the help of a code generation app.

VK ID has updated the process of authorizing VK ID users.

VK ID offers these login methods to VKontakte users who have access to passwordless authorization – to do so, you must confirm an up-to-date phone number or link a smartphone or other personal device to your account in your VK ID personal account. If necessary, the user will still be able to authorize by password – this option will remain in the list of additional ways to log in. In order to choose this option or a password-free login method, just click the “Confirm by another method” button.

The update will allow users to choose the login option most appropriate for each case. For example, if a user doesn’t have access to a cellular network but has a Wi-Fi connection, the best way to log in may be a push notification or a backup access code to the account, which can be obtained in the settings of the VK ID personal cabinet.

Users with two-factor authentication will first be prompted to enter a verification code from their personal device, and only then will they be prompted to enter their account password. This will provide additional security for the profiles: without access to the device, attackers will not be able to pick the password.

Addressors will not be able to pick the password.

“Bruteforce, a password brute force attack, remains one of the most common threats on the web. The use of identical passwords on different services and the lack of two-factor authentication make it easy for attackers to find a password, the most vulnerable element of an account. That’s why we are developing passwordless login methods – they significantly increase not only the complexity of account hacking, but also the cost of the attack itself, which makes bruteforcing unattractive for attackers. Attackers won’t be able to compromise an account password if it’s basically unused.”

Rustem Gazizov, director of VK’s customer protection department

VK ID is an account for quick registration and authorization in VK and partner services. With VK ID a user can enable two-factor authentication, control all authorizations to the account from different apps and devices, and receive individual recommendations on account protection. In 2023, the service’s monthly active audience in Russia reached 91 million users, up 14.6% from a year earlier.