The Password Revolution
Big tech seems intent on getting rid of passwords, but what does the future of password-less technology look like?
The Problem
Passwords have been with us throughout history.
In the Bible, Gileadite soldiers used the word "shibboleth" to detect their enemies; the Romans called them "watchwords" and used them to find spies; and during Prohibition in the US they were used to enter "speakeasy" saloons.
Nowadays the most common passwords are: 123456, 123456789, Qwerty, Password, 12345. Clearly a better form of security is needed.
As Google’s article entitled “The beginning of the end of the password” points out, “[passwords] are often frustrating to remember and put you at risk if they end up in the wrong hands.”
Current solutions include things such as two-factor authentication and Google’s Password Manager, both of which come with their own problems.
To really solve the problems associated with passwords, we need to move beyond them.
The Solution
Enter passkeys.
Passkeys let you sign in to apps or websites the same way you unlock your device: with a fingerprint, face scan, or screen lock PIN.
They’re based on standards set by the FIDO (Fast Identity Online) Alliance, the organization that develops open authentication standards around the world.
Passkeys are unique cryptographic credentials generated by a user’s device. The process for creating one is as follows:
Public key cryptography is used to make a public and private key pair.
This pair then forms the passkey on the device.
The device verifies you as an authorized user when you unlock the phone using a password, PIN, or biometric authentication.
Your phone and its passkey then function as a key to additional devices and applications.
Now, instead of having to type in a password on one device and again to log into Facebook (or any other platform), your phone tells Facebook to let you in automatically.
This means no phishing attacks and no one trying to steal your password to log in to one of your accounts. An attacker would now need both the device itself and your device unlock method (password, PIN, biometric).
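The sign-in flow described above, modelled in Node.js as an added example (not code from the original article or from the FIDO Alliance): it shows the key pair being created on the device, the site storing only the public key, and why a replayed response or one produced on a look-alike origin fails. `RelyingParty`, `createPasskey`, `signAssertion`, the user name and the `.example` origins are assumptions, and the signed structure is a simplification of what real passkeys sign.

```javascript
const crypto = require('node:crypto');
// Device: the key pair is generated locally; only the public key is sent to the site.
function createPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device: sign the site's challenge together with the origin the browser is really on.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server (hypothetical relying party): stores public keys only.
class RelyingParty {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // username -> public key
    this.pending = new Map();    // username -> outstanding challenge
  }
  register(username, publicKey) { this.publicKeys.set(username, publicKey); }
  newChallenge(username) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(username, challenge);
    return challenge;
  }
  verify(username, { clientData, signature }) {
    const expected = this.pending.get(username);
    this.pending.delete(username); // single use: a captured response cannot be replayed
    const publicKey = this.publicKeys.get(username);
    if (!expected || !publicKey) return false;
    let data;
    try { data = JSON.parse(clientData); } catch { return false; }
    if (data?.challenge !== expected || data?.origin !== this.origin) return false;
    return crypto.verify('sha256', Buffer.from(clientData), publicKey, signature);
  }
}

// Constructed scenario: genuine sign-in, a replay of it, and a sign-in via a look-alike origin.
function demo() {
  const site = new RelyingParty('https://shop.example');
  const { publicKey, privateKey } = createPasskey();
  site.register('alice', publicKey);
  const genuine = signAssertion(privateKey, site.newChallenge('alice'), site.origin);
  const okLogin = site.verify('alice', genuine);
  const replay = site.verify('alice', genuine);
  const relayed = signAssertion(privateKey, site.newChallenge('alice'), 'https://shop-login.example');
  return { okLogin, replay, phished: site.verify('alice', relayed) };
}
console.log(demo());
```

Only the first verification succeeds: the replay fails because the challenge was already consumed, and the look-alike sign-in fails because the signed origin does not match the site's own.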
Passkeys are already available on many platforms including PayPal, Shopify and Google Chrome.
The switch to using passkeys will take time, and passwords and 2-step verification will still be around for years, but passkeys offer a better user experience and a more secure way of accessing your accounts.
They do come with a few problems of their own, such as the security of the device itself becoming much more important.
If you have a PIN code on your device and a thief both has the device and knows the PIN code, they potentially have access to all your apps on the device.
Using a biometric form of authentication would avoid this problem though, provided the device is locked when it’s stolen.
But it seems likely that within a few years passkeys will become the dominant mode of authentication.
The Future
Passkey support will still have to be added to every browser, password manager, and website.
But Okta, a cloud-based authentication platform, has called on every software company to begin using passkeys by 2025 and reduce their reliance on passwords.
It seems like the tech industry is intent on making passkeys the dominant form of authentication.
They solve almost all the problems with passwords, and although there’s still the issue of users needing to keep the physical device itself secure, this is much easier than keeping track of dozens of passwords.
It’s going to be a long journey toward a password-less future, but it seems like it’s only a matter of time until passwords become a thing of the past.