
A World Without Passwords: Close but Challenging

In the world of technology, at some point in the not-too-distant future, there will be no more passwords. How ready are you to live in a world without passwords?

The future is full of science fiction promises that few expect to come true, such as flying cars, life on Mars, or human clones. But some promises, while seemingly achievable, are still waiting to come true, like the end of the age of passwords.

The good news is that the infrastructure for password-free login is now available on all popular operating systems and browsers. The not-so-good news? We still need to enter a password to access various websites, and the situation will remain the same for a long time.

There is no doubt that passwords play a major role in the occurrence of horrific security nightmares.

Because creating and managing passwords is tedious and time-consuming, many people use only one password to log in to different websites. The passwords they choose are often simple and guessable, and some people combine both of these bad habits.

This is why the need for password-free authentication with methods such as biometrics, which are inherent and more difficult to steal, is felt more than ever.

All the infrastructure for a password-free world exists, but implementing it takes time.

Some of you are probably already using biometrics to unlock your smartphone. Mechanisms such as face or fingerprint recognition run locally on the phone. Companies do not need to store user passwords or biometric details on their servers, which hackers occasionally attack.

In rare cases, you can log in to a network without an Internet connection or a password, with the help of a physical token. Overall, the world is moving toward accessing our online accounts without entering a password in almost all cases.

“Early on, we didn’t even know how to get rid of passwords,” said Mark Reacher, Google’s senior management for product authentication and security platforms. “Now we have found a way, but it will take some time to implement.”

Challenges of transitioning from the world of passwords

When Microsoft introduced Windows 11, it announced more steps to log in without a password using biometric methods and a PIN.

Apple announced a few weeks ago that iOS 15 and macOS Monterey would use a new option called Passkeys in the iCloud Keychain password management app, which is a step towards using biometric or PIN methods to log in.

In this regard, Google spoke of its efforts to improve password management security and persuade users to refrain from using passwords.

Despite these efforts, and the efforts of other companies to draw the attention of developers and users to a world without passwords, two challenges stand in the way of this dream more than any other obstacle.

The first challenge is that although not all users are happy with managing and creating passwords, using passwords to log in to online accounts is widespread, and breaking the habit that has been forming for decades is not easy.

The first thing any user on the Internet does is create a password, according to Andrew Shikiar, CEO of the FIDO Alliance, which specializes in secure authentication.

“The problem is that we are dependent on fragile and vulnerable infrastructure. What we need to do is break this dependence.”


But the second challenge is more troublesome than the first. Many password-replacing authentication mechanisms can only be implemented on newer devices and require a smartphone and at least one other device. However, many people in the world share their smart devices and cannot upgrade them regularly. Many also use non-smartphones or do not have a phone at all.

On the other hand, account recovery options are still a long way from a password-free world. When you use a PIN to recover your account or answer security questions, you are still using a password, just in a different form.

As a result, methods designed to remove passwords are moving toward systems in which a device you have already authenticated verifies a new device.

Reacher describes the situation as follows:

Suppose you leave your cell phone in a taxi, but still have access to your laptop at home. Buy a new phone and use the laptop to authenticate and retrieve information from your previous phone. Then someone will find your lost phone, whose information is still protected by the device’s local lock. We are not going to impose password problems on account recovery methods.

This method is certainly easier than keeping account recovery codes on paper, but a solution is still needed for cases where a person cannot or does not want to have more than one personal device.

Problems with biometric methods in authentication

With the increasing use of password-free authentication methods, concerns are being raised about the transition from traditional methods. Akshay Bhargava, chief product officer of the 1Password password management app, which naturally benefits from the use of password-based authentication, says the company welcomes new methods wherever it makes sense to use them.

For example, you can unlock the 1Password app on iOS and macOS with the Touch ID or Face ID biometric method instead of typing the password.

Of course, there is a slight difference between the main password that locks the password management application and the passwords stored in it. A copy of all the passwords stored in this application is registered on its servers for user authentication, but the main password that unlocks the application is available only to the user, and 1Password has no information about it.

According to Bhargava, this difference makes password-free authentication, at least in its current form, a better option for some than for others.

Changing a password is easy, but it is not possible to change a face or fingerprint.

The use of biometric methods for authentication is ideal in many ways because it requires the physical presence of the user, but some security experts, including Bhargava, are concerned about overuse.

This group is concerned that the user’s biometric information, such as fingerprints or face, may be stolen and forged by cybercriminals. And while a password can easily be changed, which is the only positive thing about this traditional authentication method, the user’s face, fingerprints, voice, and heart rate cannot be changed.

Creating a password-free ecosystem that can cover all current password functions, as well as billions of people without a smartphone or multiple devices, requires more time and experimentation.

On the other hand, sharing an account with trusted people will be more difficult in a password-free world, and connecting all your accounts to just one device, like a smartphone, will further tempt hackers to infiltrate that device.

Until passwords are completely gone, it is important to take security advice seriously: create strong and unique passwords, use password management applications, and enable two-factor authentication wherever possible.

At the same time, try password-free authentication wherever possible, for example, when setting up Windows 11. By doing this, you may find yourself lifting a load that you did not even know was weighing on you.