Passwords - we love to hate them.
Although they’re part and parcel with virtually every device and service we interact with, they’ve never evolved beyond their status as a nuisance.
The good news? The future of passwords is likely to be passwordless! Sounds like a dream come true, doesn't it? It’s closer than you might think
Needless to say, the passwordless future is not a new concept. Tech giants like Google and Microsoft have been working on password alternatives for years, and now the fruits of their labour are starting to be realised.
But what does a passwordless future actually look like? And how soon can we expect it to become a reality? In this blog, we’ll sketch out the passwordless future. But first, why are companies looking to kill the password?
Passwords are something of a necessary evil: our accounts need to be secured in order to protect our data, but the process of creating secure passwords and then memorising them is frustrating, to say the least. Especially when the average person has 100 of them to remember!
The issues go further than the volume of passwords, however. The fact is most common passwords in use are shockingly simple, easy to guess and unsecured. And, of course, once a password is acquired by a criminal through guesswork, phishing or otherwise, it can be freely shared.
In theory, by replacing passwords with alternative solutions, you can mitigate these problems, ensuring secure accounts for everyone and an end to the memory games we’re currently playing. So, what are some of these solutions? Let's take a look.
There’s a good chance you’re already familiar with biometric authentication. Biometrics use unique physical characteristics, such as fingerprints or facial recognition, to identify users.
This method is becoming increasingly common in smartphones and laptops, and it’s considered secure enough for online accounts and even bank transactions.
Biometric authentication is convenient and secure, as it is difficult (though not impossible) to replicate someone's physical characteristics.
However, there are concerns about privacy and the storage of biometric data. In addition to issues around ease of use when in poor conditions, where you might be wearing gloves or covering your face.
Single Sign-on (SSO) is a popular solution for managing passwords and authentication across multiple accounts. SSO allows users to log in once using one set of credentials and then access multiple accounts and applications without entering their login information again.
You’ve probably encountered Single Sign-on before, as it’s now a common option when logging in or signing up for new accounts and services. These will generally let you log in with your Google, Microsoft, Facebook or other major accounts.
This not only saves time and reduces the hassle of managing multiple passwords, but it can also improve security by reducing the risk of weak or easily guessable passwords. With SSO, you only need one secure and distinct password.
Universal keys are a less common, abeit promising, solution for managing authentication across multiple accounts. A universal key is a single device or piece of software that can be used to access multiple accounts and applications.
Similar to SSO, universal keys eliminate the need for multiple passwords, but they take it a step further by providing an additional layer of security. Universal keys use public-key cryptography, meaning each key has a unique identifier that a server verifies.
This makes them highly secure and difficult to hack. However, if you lose or have your physical key stolen, you’re at risk of losing access to all of your accounts.
Join the thousands who've discovered how Bob's Business' security and compliance awareness training reduces risk, demonstrates improvement and builds cultures.
The truth is that it's already happening. Many companies are already using passwordless solutions, and it's likely that more will follow suit in the coming years. Microsoft, for example, is aiming to make Windows passwordless by 2025, and Google has been pushing passwordless authentication through its Advanced Protection Program.
But despite these advances, passwords are still widely used and will be for the foreseeable future.
This is partly because not everyone has access to the latest technology, and partly because some people simply prefer the familiarity of passwords.
It's also important to note that passwordless solutions are not foolproof and can still be vulnerable to certain types of attacks.
Here are a few tips:
The future of passwords is passwordless, but we’re not there yet. Biometric authentication, universal keys, and SSO are just a few of the solutions that are already available, but it will take time for these solutions to reach total adoption - and to surmount concerns around privacy and security.
In the meantime, it’s on each and every one of us to take steps to improve password security by using strong and unique passwords, enabling two-factor authentication, and being vigilant against phishing scams.
By doing so, we can help protect ourselves and our sensitive information in the digital age.
Ready to start training your team to protect your business against the threats of today and tomorrow? Discover cybersecurity awareness training that engages, entertains and informs your staff.