As of today, Gander no longer uses passwords. For the next little while you’ll sign in exclusively with a one-time code (aka One Time Password or OTP).
If you use modern apps, you’ve certainly seen this approach before as part of better web security. But if you haven’t, or if you’re wondering “why Gander… why?” read on.
TL;DR
- Passwords get reused, forgotten, and leaked
- Storing them makes us a target
- Most account takeovers come from reused credentials
- One-time codes remove that risk and simplify login
- We collect less sensitive data, which makes the platform safer
- Passkeys and stronger authentication are coming next
The nutshell: no passwords = less risk + better foundation.

Why we chose this
While we’d love to say everyone is stellar with password hygiene, unfortunately… we know it just ain’t true.
If you’ve been using the internet for even just five years, you probably have some of those sad, old passwords you reused long ago… that are still floating around in data breaches on the dark web.
And even though plenty of folks use secure password storage tools, the reality is that most don’t. And fewer still can remember &5f!#_JisKl98 (or whatever) offhand.
The fact of the matter is, we’re building Gander for real life, not ideal scenarios.
And in real life, passwords are a bit of a mess.
Not because people don’t care… most people just aren’t on top of it. Or they have better things to do than manage dozens of perfectly unique logins.
That gap between “how security is supposed to work” and “how people actually use the internet” is where most problems start.
So we decided to be proactive, early.
Reducing friction where it counts
We’re also thinking about friction a bit differently.
In some areas, we’re intentionally adding it.
Things like protecting the community, reducing abuse, and making sure people are who they say they are… things that require a bit more effort. And we’re okay with that.
But if we’re going to ask for that kind of friction, we need to remove it elsewhere.
Passwords are a perfect example of friction that doesn’t really help.
They create:
- lockouts
- resets
- support headaches
- and stress, especially for people who aren’t super technical
And when something goes wrong, like a forgotten password, a reused password, or a compromised account, it puts the burden back on the user to fix it.
OTP shifts that.
No remembering, recovery flows, or long-term credentials floating around waiting to be reused or show up in some bad actor’s toolkit.
So while we’re adding friction where it protects people, we’re removing it where it doesn’t.
That balance matters.
Authentication is serious business
If we store passwords, we become a target.
A lovely sovereign target for people who aren’t exactly jazzed with a network like ours, or who see opportunity in messing with it.
And there’s the trouble, even when everything is done properly:
- hashed
- salted
- locked down
Password databases still get breached. It happens to good teams, with good practices, all the time.
And when it does, it doesn’t just stay contained. Those credentials get reused across other services.
That’s how a lot of account takeovers happen today, and we don’t want Gander to be part of that chain.
Less data, less risk
There’s another piece to this that matters just as much.
Every piece of data we collect is something we’re responsible for protecting.
Passwords aren’t just a login method—they’re sensitive data that needs to be stored, secured, monitored, and defended over time.
And the more of that we hold, the bigger the surface area becomes.
So we made a simple call:
No passwords to store = no passwords to steal.
By removing passwords entirely:
- we reduce what we collect
- we reduce what we store
- we reduce what we have to protect
Which lets us focus on what actually matters: keeping the community safe.
Less data isn’t just simpler… it’s safer.
Why OTP
We didn’t land on OTP by accident.
At a high level, passwords fail in the same way, over and over:
- they get reused
- they get leaked
- they get tried across other services
That last one… credential stuffing… is one of the most common ways accounts get taken over today.
OTP changes that dynamic.
There’s no password to reuse, nothing long-term sitting in a database, nothing an attacker can take from one breach and try somewhere else.
Each code:
- works once
- expires quickly
- and then it’s gone
Is it perfect? Nope. No system is. OTP can still be phished in real time, and SMS-based codes rely on telecom systems and phone number ownership, both of which have known weaknesses.
But OTP removes the most common way accounts get hacked, which is a good first step.
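To make the three properties above concrete (works once, expires quickly, then it's gone), here is an added sketch of a server-side code store; it is not Gander's code. The class name, the 300-second lifetime, the five-guess cap and the in-memory dict are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime; the post only says "expires quickly"
MAX_ATTEMPTS = 5         # assumed guess cap, not stated in the post


class OneTimeCodeStore:
    """Hypothetical in-memory stand-in for a store of pending sign-in codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # per-process key for the digests
        self._pending = {}                    # account -> [digest, expires_at, attempts]

    def _digest(self, account, code):
        msg = f"{account}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account):
        """Create a fresh 6-digit code, replacing any earlier one for the account."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [self._digest(account, code),
                                  self._clock() + CODE_TTL_SECONDS, 0]
        return code   # delivered out of band; only the keyed digest is kept

    def verify(self, account, code):
        """Return True once for the right code; every other path returns False."""
        record = self._pending.get(account)
        if record is None:
            return False
        digest, expires_at, attempts = record
        if self._clock() >= expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[account]        # expired, or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(account, code)):
            del self._pending[account]        # works once, then it's gone
            return True
        record[2] = attempts + 1              # count the wrong guess
        return False
```

The guess cap is there because a short numeric code is only safe if an attacker cannot keep trying values until one matches.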
This is step one
We’re not stopping here. We’re already working toward passkeys, authenticator apps and MFA.
Things that are even more secure and about as much effort.
Moving away from passwords now lets us build on that foundation properly. And we’ll keep improving this as we go.
A quick note
If you’ve built a solid system around your passwords, respect. Truly. We wish more people were on top of things, too.
But we’re designing for a wide range of people, across ages, comfort levels, and habits.
Our goal is to make the default experience safer, without asking people to think about it too much.
And make everyone safer.
