Our Hackathon Winners Discuss Their Passwordless Login Project

Today, we're going to discuss two-time winner, The Deadly Six's, incredible project about passwordless technology.

Our Hackathon Winners Discuss Their Passwordless Login Project

Each year, we host two exciting Hackathons for the BigCommerce Product and Engineering teams. The first one occurs in Q1, and the second happens near the end of Q3.

Recent Article: Our Mobile Team Answers Your Burning Questions

We recently held the second one for 2022 and were blown away by all the amazing projects our teams submitted.

Today, we're going to discuss two-time winner, The Deadly Six's, incredible project. This team explored a new technology that eliminates the headaches that passwords often cause for a variety of users.

Before we dive in, let's quickly go over how BigCommerce's Hackathons are executed:

Hackathon Details

  • This Hackathon ran for three consecutive workdays.
  • The theme revolved around a beloved hedgehog that has blazed through the video game world since 1991. Do you see what we did there?
  • Teams consisted of up to five players. Their projects were not limited to code, and they did not need to benefit the BigCommerce platform or need a clear path to production.

Teams who demoed their completed projects had the opportunity to win the three coveted awards below:

  • Weiss-ly Done - This award is dedicated to our inspirational former team member, Matt Weiss, who made a difference in many of our teammates' lives. Senior leadership selects the team who solves an intimidating problem that others may be too leery to tackle.
  • Master Emerald - Think of this as the People's Choice Award, where BigCommerce team members throughout the world vote for their favorite project.
  • Super [enter the hedgehog's name here] - Product Management and the Designers choose the team who created the most impactful end-user experience for merchants, shoppers, or 3rd-party developers.

The Deadly Six took home two of these awards: Master Emerald and Super [you know his name].

Meet The Deadly Six

Danielle Cushing, Senior Software Engineer on the Mobile Team

Background: I studied linguistics in college, which surprisingly works well with computer programming because a lot of linguistics is pattern analysis. That’s a lot of software development as well, being able to break a problem down into pieces. I love and am really great at that stuff. I also taught English as a foreign language in Vietnam for a year. I really enjoyed that, but ultimately, I just like building things. I work on iOS development specifically, and it’s the coolest thing to be able to open something up in the app store and know that I had a hand in building it.

Role in this project:  I made this project work in the iOS app and across my iCloud account.

Connect with Danielle on LinkedIn.

Chris Ruddell, Lead Mobile Software Engineer on the Mobile Team

Background: Before I got into this programming stuff, I had a couple of different careers.  I started off as a Certified Public Accountant (CPA) and did that for several years. Then I went into the ministry, working at some churches. I eventually found that doing programming, especially mobile app development, was my passion. I love it. I find it much more challenging than anything I had been doing in the past.

Role in this project: I built the Android front-end and worked on the back-end server that the mobile app connects to, making it talk to the authentication service that Josh worked on.

Connect with Chris on LinkedIn.

Related Article: Mobile Developer Conferences Deliver Inspiration and Innovation

Josh Kleinpeter, Lead Software Engineer on the Identity and Access Management Team

Background: I’m the Computer Scientist in the group. I had a computer before most people started getting computers. I have a Computer Science degree and have worked in a lot of things. I’ve done a lot of front-end development and back-end development. I spent a lot of time in data centers, doing a project called OpenStack, which is an open-source version of what Google and Amazon do in their data centers. Now, I’m back in the web programming world.

Fun fact: I dabble in everything–lasers, ukuleles, and giving my team words they have to look up continually. I have a lot of random interests in life.

Role in this project:  I did the database back-end. I designed the GRPC, APIs, and built those. I built the web front-end as well.

Connect with Josh on LinkedIn.

Learn about Their Project

How did you come up with your team name?

Josh Kleinpeter: That was my fault. I know nothing about [the beloved hedgehog]. I think I’ve played the games a little bit. I looked in the lore, and there was a group of villains called, “The Deadly Six.” We had a team limit of five, and I thought it was ridiculous to name our team, “The Deadly Six.” That was about it, and everybody just went along with it.

Danielle Cushing: Yup.

What is the name of your project?

Danielle Cushing: It was called, “Passkeys: Logging in faster than [the beloved hedgehog] can put on his shoes.”

Please describe your project.

Chris Ruddell: Earlier this year, some of the big tech companies like Apple, Google, and I think Microsoft announced a new push towards passwordless login technology. Basically, what this technology does is allow you to login to your account using a device. Register that; it generates a secure key, and then you can use that key on any of your other devices.

We wanted to explore how that could be used at BigCommerce. We know that, for instance on the mobile app, the login experience has been one of our users' primary sources of frustration. Anytime we can make it easier for our merchants to start managing their stores without the headaches that sometimes come with forgotten passwords, expired passwords, etc., we thought it would be great.

We took the three days for the Hackathon to explore that and were pleasantly surprised at how easy Google and Apple have made this. For instance, you can register your computer through your browser on Chrome, login to your Google profile, and load up your mobile app. Because you’re logged in to that same Google account on the mobile app, it will instantly recognize that and log you in to the BigCommerce mobile app.

What inspired you to choose this project?

Josh Kleinpeter: It looked so stinking cool, seeing the demos online. My team is responsible for merchant authentication, and passwords are a pet peeve of mine. Password requirements are obtuse and annoying to users. Having requirements around PCI, requiring you to change your password at a certain cadence, is annoying to users. When you have a system that uses public and private key pairs instead, and your devices manage these things transparently for you, it builds a system that is a lot more secure and a lot simpler for the user. From a security perspective, that’s a win-win.

The other thing for me on the authentication side was we’ve been doing a lot of work this year, and we are detecting how authentication works on the back-end. No users have ever seen these things, but this was an opportunity for us to actually try out some of this stuff to see if we can add this thing easily given what we’ve built.

And, in fact, we could.

Danielle Cushing: I just wanted to know how this worked because it’s cool. It also makes me understand, appreciate, and feel better about systems that are using this passwordless login.

Chris Ruddell: This was a way to build something that would impact multiple systems at BigCommerce. Whether you login through the website or the mobile app–we were building something that could extend across the entire platform and would have a big impact.

Which pain points does your project solve?

Josh Kleinpeter: Security. Having a second factor device involved in it, because this is happening on your mobile device, is really useful. We support 2FA, two-factor authentication, on the website, but adding this kind of authentication mechanism gives you a two-for-one. It really just makes the process of authenticating really seamless for the user, which I feel like is exciting.

Chris Ruddell: For me, one of the problems I’ve always had with 2FA is it locks down my phone number. I feel like if I were to change my phone number, all of the sudden, I would have to figure out all the different websites and accounts that I’ve linked that phone number to for two-factor authentication. The idea that we’ve created a more secure web has turned into a more complicated web. What I really like about this technology is it goes back to the simple days of, “I just want to access my information.” I don’t want to give you my phone number. I don’t want to create another password that I have to remember or store in some password manager that might be compromised. It’s a very secure way of doing it, and it takes the headache out of authentication. I really hope this gets extended across the web, so many, many websites are using this.  

Danielle Cushing: Like Chris said, if I change my phone number, what am I going to do if I don’t have my phone on me? If I still have my iPad, I can use the same Apple account to authenticate stuff. It’s going to make things so much easier.

Which challenges did you face while you were developing your project?

Danielle Cushing: A minor thing on my end was the UI and UX because I’m terrible at that. I was like, “Here is a screen where you can register. It does not look pretty. It’s got a button, and it works.”

Josh Kleinpeter: I had two struggles–one was that all the examples I could find were all based on React, and we’re not using React on the authentication app. I struggled using a few pre-built things in “hacky” ways. And I thought, “This is dumb. I just need to go understand how this all works.” Once I sat down and said, “Just do the work,” it was fine. It took me a while before I got to that point.

Because my system is the base that everything was built on, I felt like I was scrambling at the beginning to get something so they [the team] could move on it. They could only do so much without a real API to build against. Once I got enough pieces where Chris could start building his piece, and then they could start building the mobile app, it really worked smoothly.

Chris Ruddell: One of the challenges we faced was working across teams. We knew Josh, and Josh knew us. We’ve worked in the same office together, but we’re working remote now. Being able to collaborate across teams like this to implement a single solution that works for everybody is something we don’t do as often as we should perhaps. To be able to do that in three days says a lot about our ability to work together. It took a lot of communication, and we did that really well.  I couldn’t be happier with the way it turned out.

How did you overcome these challenges?

Josh Kleinpeter: Grit and determination.

Danielle Cushing: Mm hmm.

What’s the one thing you’d change about this project?

Chris Ruddell: We did a really good job of designing what it would look like for the website. If we could go back, we would have a little bit more design effort going into the mobile app. We kind of rushed through that piece of it, and part of that as Josh was saying, was we needed to get some of the server stuff done first before we did the mobile app stuff. In hindsight, we probably would have been better off spending a little bit more time trying to design out what the flow would look like from a mobile app perspective.

Josh Kleinpeter: I cheated and hired a UX designer to design the website. I was really happy with it.

Danielle Cushing: Yeah. Jennifer Chalupnik did a very good job with it.

Grace Estle: I don’t think that’s cheating. I think it’s strategic.

What are the next steps for this project?

Danielle Cushing: I’m impressed with how much we were able to accomplish. I’m biased because I worked on it and think it’s a very cool project. I’m excited to see it go live when we’re at that point.

Grace Estle: You’re not biased because your team did win, so clearly, it’s a great project.

Danielle Cushing: True.

Josh Kleinpeter: I feel like I’m pretty happy with the data models that we built and the APIs that we built. They work how I would expect them to work. That’s the basis for us to build the real product on top of. Because we didn’t cut corners there, we’ve got some good bones to go in and do this for real.

Chris Ruddell: There are a couple things we need to do to add polish to it. As Josh mentioned, there’s some front-end work that needs to be done. That includes the mobile app. We need a way to actually register the device so that it looks like it belongs in the mobile app and some UI work that needs to go into the login process, deciding between using this new method versus existing methods.

The other thing is that I think we probably need more collaboration between the two teams on the back-end. There’s some shared data that we had to use between those services, so being able to decide where that data lives and how it gets propagated.

What advice would you give to an engineer who is about to participate in a Hackathon?

Danielle Cushing: My favorite thing about a Hackathon is that it’s a relatively low-stakes way to try something new. If it doesn’t go as planned, that’s just how it works. Not every project is going to come out the way you want it.

Chris Ruddell: Have fun with it. Hackathons should be about building something cool without the pressure that comes with your normal roadmap work. Recognize that even if you don’t meet your initial goals, it’s okay. You probably still learned something valuable along the way.

Josh Kleinpeter: It’s called a Hackathon for a reason. I wrote a couple of tests because I was cycling too much in the browser. I needed something to verify that this thing was working for me. I take all kinds of corners. I don’t try to make it perfect.

The other thing I did for this specific project was I did a lot of research ahead of time. We knew what we were doing, but there was specific technology around it. I looked at what tools I was going to use and all those kinds of things. It really helped set me up, so I wasn’t scrambling at the beginning. I knew generally how I wanted to plot things out.

Lastly, do a good job of dividing up the work. Whatever hack you’re doing, if you have a team, having people responsible for specific areas is very useful because they can just go to town and make their parts work.

Coming Soon: We'll be interviewing the other winner in the very near future. Stay tuned for that chat.

Meet BigCommerce's Engineers