One of our main objectives with PushCoin V3 is to eliminate the use of passwords. Passwords have long been the weakest link in online security and a constant source of frustration for families and administrators alike.
Parents often forget their passwords. Reset emails don’t always arrive or get lost in cluttered inboxes. Supporting password resets has become a recurring administrative burden that adds no real value to the experience. On the other hand, keeping passwords short for convenience makes accounts weak, while making them long and complex makes them nearly impossible to remember. Most users ultimately rely on their browser’s “Remember this password” option, which is convenient but exposes them to risks outside of our control.
PushCoin V3 takes a different path: a passwordless login system built on time-based one-time passwords (TOTP).
How it works
- At signup, every parent enrolls in TOTP. This is the same standard technology used in Google Authenticator, Microsoft Authenticator, Authy, and other widely available apps.
- At login, parents enter the TOTP code. The code is generated on their device and changes every 30 seconds. There is no password to remember.
- If a parent loses access to their authenticator app—for example, if they change phones and didn’t save their recovery codes—they can request login help via SMS or email verification.
Easier access with “remember this device”
For day-to-day convenience, families may choose to enable “remember this device.” Once enabled, they won’t need to enter a TOTP code every time they log in from that same phone, tablet, or computer. Behind the scenes, we apply multiple safety checks to make sure the login request matches the original trusted device before granting access.
School system administrators will use the same passwordless login experience as parents. At signup, they will also be required to enroll in TOTP, and on subsequent logins can choose “remember this device” for quick access from their regular work computer. If an administrator loses access to their authenticator app, backup login methods such as SMS or email will be available to regain access. For those who prefer hardware-based security, administrators may also use a physical U2F key. This ensures consistency across all user roles, reduces support overhead, and keeps the entire platform aligned on a single, more secure authentication model.
Why this is better
- Strong security – A one-time code that changes every 30 seconds is safer than a password that might be guessed, reused across sites, or stored insecurely.
- Less frustration – No more password resets, forgotten logins, or help desk calls just to get into the system.
- More convenience – Parents can still enjoy one-click login on their trusted devices without sacrificing security.
By removing passwords, PushCoin V3 creates a system that is both secure and simpler to use. Parents get peace of mind and easy access, while schools and districts spend less time managing forgotten logins.