What a future without passwords would look like, when it might happen
Managing your online passwords can be a chore.
Create the kind of long and complicated passwords that best deter cyber thieves, especially for dozens of different online accounts – can be tedious. But it is necessary, given the registration number of data breaches in the United States last year.
That’s why it’s so tempting to dream of a future where no one has to constantly update and change passwords online to stay ahead of hackers and ensure data security. Here’s the good news: some of the biggest names in tech are already saying that the dream of a passwordless Internet is about to come true. Apple, Google and Microsoft are among those trying to lead the way.
In this hopeful future, you will still need to prove your identity to access your accounts and information. But at least you wouldn’t have to remember endless strings of eight-character (or more) unique passwords, right?
Well, maybe not quite. The answer is still a bit complicated.
What passwordless options already exist?
In theory, removing passwords from your cybersecurity equation undoes what the old Homeland Security Secretary Michael Chertoff called it “by far the weakest link in cybersecurity.” Over 80% of data breaches are the result of weak or compromised passwords, according to Verizon.
In September, Microsoft announced which its users could use entirely without a password to access services such as Windows, Xbox and Microsoft 365. Microsoft users can instead use options such as Windows Hello or Microsoft Authenticator applications, which use fingerprints or facial recognition tools to help you log in securely.
Microsoft also allows users to sign in using a verification code sent to your phone or email, or with a physical security key – similar to a USB drive – that plugs into your computer and has unique encryption for you and your device.
Joy Chik, vice president of identity at Microsoft, wrote in September business blog post that tools like two-factor authentication have helped improve user account security in recent years, but hackers can still find ways to circumvent these additional measures. “As long as passwords are still part of the equation, they are vulnerable,” she wrote.
Similarly, Google sells physical security keys and its Smart Lock app lets you press a button on your Android or iOS device to sign into your Google Account on the web. In May 2021, the company said these tools are part of Google’s work to “create a future where one day you don’t need a password at all.”
Apple devices have used Touch ID and Face ID functionality for several years. The company is also developing its Passkeys function to allow you to use those same fingerprint or facial recognition tools to create logins without password for apps and accounts on your iOS devices.
So, in a sense, a passwordless future is already here: Microsoft says “nearly 100%” of company employees use passwordless options to log into their company accounts. But getting every company to offer password-free options to employees and customers is sure to take time — and it may be a while before everyone feels secure enough to get rid of passwords. in favor of something new.
That’s not the only problem either.
Removing passwords completely is not without risk.
First, verification codes sent via email or SMS can be intercepted by hackers. Even scarier: hackers have shown the ability to trick fingerprint and facial recognition systems, sometimes by steal your biometric data. As annoying as changing your password can be, changing your face or fingerprints is much more difficult.
Second, some of today’s no-password options still require you to create a PIN or security questions to back up your account. It’s not much different from having a password. In other words, tech companies haven’t perfected the technology yet.
And third, there’s a widespread adoption problem. Like Wired pointed out last year, most passwordless features require you to have a smartphone or other type of relatively new device. And while the vast majority of Americans own a smartphone, these devices vary widely in age and internal hardware.
Additionally, tech companies still need to make online accounts accessible across multiple platforms, not just smartphones — and also for people who don’t own smartphones at all, about 15% the United States
In other words, it will probably still take some time before the passwords completely disappear. Have fun typing your long and complex strings into login boxes while you can.
Register now: Be smarter about your money and your career with our weekly newsletter
If your passwords are less than 8 characters, change them immediately, according to a new study
These are the 20 most common leaked passwords on the dark web – make sure none of them are yours