What a future without passwords would look like when it could happen

Managing your online passwords can be a daunting task.

Creating the kind of long, complicated passwords that best deter cyber thieves – especially for dozens of different online accounts – can be tedious. But it is necessary given the record number of data breaches in the United States last year.

That’s why it’s so tempting to dream of a future where no one needs to constantly update and change online passwords to stay ahead of hackers and keep data secure. Here’s the good news: Some of the biggest names in technology are already saying that the dream of a password-free Internet is close to coming true. Apple, Google and Microsoft are among those trying to pave the way.

In the hopeful future, you still need to prove your identity to access your accounts and information. But at least you do not have to remember endless rows of unique eight-character (or longer) passwords, right?

Well, maybe not quite. The answer is still a bit complicated.

What password-free options already exist?

In theory, removing passwords from your cybersecurity equation is what former Homeland Security Secretary Michael Chertoff has called “by far the weakest link in cybersecurity.” More than 80% of data breaches are the result of weak or compromised passwords, according to Verizon.

In September, Microsoft announced that its users could go completely without a password to access services like Windows, Xbox and Microsoft 365. Microsoft users can instead use options like Windows Hello or Microsoft Authenticator apps that use fingerprints or face recognition tools for to help you log in securely.

Microsoft also allows users to sign in using a verification code sent to your phone or email, or with a physical security key – similar to a USB drive – that connects to your computer and has an encryption that is unique to you and your device.

Joy Chik, Microsoft’s vice president of identity, wrote in a company blog post in September that tools like two-factor authentication have helped improve users’ account security in recent years – but hackers can still find ways around these extra measures. “As long as passwords are still part of the equation, they are vulnerable,” she wrote.

Similarly, Google sells physical security keys, and its Smart Lock app allows you to press a button on your Android or iOS device to sign in to your Google Account online. In May 2021, the company said that these tools were part of Google’s work toward “creating a future where one day you will not need a password at all.”

Apple devices have been using Touch ID and Face ID features for several years. The company is also developing its passkey feature so you can use the same fingerprint or face recognition tools to create passwordless logins for apps and accounts on your iOS devices.

So in a way, a future without a password is already here: Microsoft says that “almost 100%” of its employees use password-free options to log in to their corporate accounts. But getting each company to offer passwordless options to employees and customers will definitely take some time – and it may take a while before everyone feels secure enough to dump passwords in favor of something new.

That’s not the only problem either.

How safe are they?

It is not without risks to do away with passwords completely.

First, verification codes sent via email or text message can be intercepted by hackers. Even more frightening: Hackers have shown the ability to cheat fingerprints and face recognition systems, sometimes by stealing your biometric data. As annoying as changing your password can be, it’s much harder to change your face or your fingerprints.

Second, some of today’s password-free options still ask you to create a PIN or security question to back up your account. It’s not much different than having a password. In other words, technology companies have not yet perfected the technology.

And third, there is the issue of widespread adoption. As Wired pointed out last year, most password-free features require you to own a smartphone or other fairly new device. And while the vast majority of Americans own a smartphone, these devices vary dramatically in terms of age and internal hardware.

In addition, technology companies still need to make online accounts available across multiple platforms, not just on smartphones – and also for those people who do not own smartphones at all, approx. 15% of the United States

In other words, it will probably still take some time before passwords are completely extinct. Enjoy typing your long, complex strings of characters in login boxes while you can.

Sign up now: Get smarter about your money and career with our weekly newsletter

Do not miss:

If your passwords are less than 8 characters long, change them immediately, says a new study

These are the 20 most common passwords leaked on the dark web – make sure none of them are yours

Leave a Reply

Your email address will not be published.