Big tech is coming for your passwords

It is starting to look like passwords may soon be a thing of the past. We recently covered a story about new password-replacing technology that Google is implementing in Chrome and also have to tell you that it is not just Google moving in this direction either. Other big players like Microsoft are also pushing their own passwordless solutions and a broad alliance of big players including everybody from Amazon and Apple to Mastercard and Visa pushing for a passwordless future.

So, what’s it all about then? What is wrong with passwords and what are the merits of the proposed password replacements? Let’s take a look at the broader trend sweeping across the tech industry that is ushering us into a passwordless future.

The problem with your passwords

Tech experts have been saying for years that passwords are yesterday’s technology because, to put it simply, they are not very secure. Having access rely entirely on the correct input of a variety of numbers, letters, and characters creates vulnerability as it allows anybody who is able to input the correct combination access to your accounts. The password is supposed to verify your identity as, supposedly, you would be the only person who would know it, but in reality, all it does is ensure access to anybody who knows the password. The problem here then is that passwords may be weak and easy to guess, repeated across multiple accounts, or even be visible and easily found.

To be fair to passwords, the main problem with them is us. We have to remember our passwords and we should never have the same password for more than one online account, and passwords need to be both long and complex. Oh yes, we also need to regularly change our passwords if we are to stay one step ahead of the cybercriminals who are trying to break into our digital accounts. This is all too much for our human brains to take and we often break at least one of those rules, if not many, and if we do successfully follow them all it is normally because we have resorted to writing them down on something that we store close to our devices.

We have seen various innovations designed to overturn those inherent cybersecurity weaknesses such as the very effective password manager apps or multi-factor authentication, but, ultimately, these too can fall short when it comes to keeping our digital selves and digital assets safe when we are online. This is why we are now facing a passwordless future based on innovative technological processes that will verify our identity securely and efficiently.

What are the alternatives?

We have already mentioned a couple of the alternatives available to replace passwords in our modern cybersecurity defense setup. Let’s take a look at them in a little more detail as well checking out a few of the other alternatives too.

Multi-factor authentication

Multi-factor authentication or MFA involves using more than one method to verify your identity. One of these is usually a password, which is then often backed up by either a link or a code being sent to a mobile number or email address. Strictly speaking, however, one of these methods of authentication doesn’t have to be a password and could include other security credentials such as biometric data, a USB key, a signal sent from a smart watch, or even just a simple pin number.

Password managers

OK, password managers are not an alternative to passwords, but they do offer insight into what a passwordless future may look like. With password managers you allow a program or app to manually set your new passwords complete with high levels of complexity and then securely store them in a single encrypted vault. This means that beyond the access credential needed to access your vault, you are taken out of the process of logging into your accounts as the password manager will do it for you. If you remove the human from the process, you remove the possibility of human error.

Biometric data

As mentioned earlier, biometric data is becoming an increasingly prevalent and powerful way of verifying your identity when trying to access your online accounts. More and more devices are shipping with a variety of biometric scanners from fingerprint scanners to facial recognition devices. These are becoming increasingly secure and hard to break and the tech industry is leaning on them heavily to secure our accounts.

Behavioral recognition

Behavioral recognition is an interesting way of verifying someone’s identity that involves tracking all of the actions they perform on a device and then assessing them against known patterns. Interestingly, these work in a similar way to how captcha technology verifies you are human but on a more advanced level. Whenever you agree to a captcha system verifying that you are human you give it permission to scan your internet history, which it then uses to verify whether you are using the internet like a human would instead of how a bot would. Behavioral recognition does something similar but on a much more personalized level.

Passkeys

Passkeys seem to be the main alternative that the tech industry is betting on to replace passwords. They work using two separate keys, one that is stored on the website server and another that is stored on your device. Matching access to these keys with biometric data creates a secure and mostly human-proof form of identity verification that is already starting to roll out across a variety of tech products.

What do the big players say?

As we mentioned at the beginning of the article, all the big tech players as well as a variety of companies and organization from outside the tech industry have clubbed together to form the FIDO Alliance, with FIDO standing for Fast Identity Online. The FIDO Alliance has been around since 2013 and includes a lot of big players that have been looking to push us away from using passwords and toward a password-less future. It should be no surprise that we are seeing big players implementing password-free verification solutions when they have allied together to just that. In fact, Passkeys are an innovation of the alliance.

Why the FIDO Alliance says Passkeys are better than passwords

As we covered earlier, there are a plethora of vulnerabilities and weaknesses inherent in the use of passwords that revolve around our human frailties. On top of the security weaknesses, however, there are also several annoyances and stresses that come with password use. For a start, it is stressful to have to remember so many different passwords and to then have to change them again just as you think you are remembering them. On top of that, however, 1/3 of us walk away from online purchases because we can’t remember the password to the account we are trying to use. That is likely why big tech players are looking to turn us away from passwords because they are costing us money. Furthermore, according to the FIDO Alliance, it costs companies on average $70 to reset a password every time we forget one. Passkeys resolve all of these problems by relying on biometric data, which users cannot forget.

Conclusion

According to the FIDO Alliance more and, more companies are looking to incorporate Passkeys into their login procedures, so it does look like passwords are finally on the way out. In many ways and on the face of it, this looks like a positive move for users too as it removes a lot of the pain points attached to passwords and should ensure we maintain access to our accounts, even if we can’t remember how to access them.