Even though we are big believers in strong, unique passwords, we even get headaches about generating, maintaining, and safely storing hundreds of passwords. They are somehow too easily cracked by today’s cybercriminals but impossible for us to remember at the same time. Now many people are dreaming of a more secure future, a future where we’ve transcended the need for passwords. But is this a fantasy? And if isn’t, how close are we to achieving passwordless authentication?
Right now, passwordless authentication is sort of like multi-factor authentication with some cryptography thrown in. Instead of entering a password, you provide some form of identification like a fingerprint scan or hardware token code, which might be stored on your smartphone, for example. Basically, passwordless authentication involves a pair of cryptographic “keys,” a public key and a private key (which is also like how some cryptocurrency wallets work, if you’ve heard of that). Imagine turning both public key and private key at the same time — this is how you would access your passwordless account.
Some of this has already come online – in 2022, Apple announced a feature called “passkey,” a form of passwordless authentication. Google and Microsoft are working on similar projects. Companies and services like Best Buy, Kayak, and eBay have begun allowing users to choose passkeys for logging on. So, while we don’t think passwords are going away anytime soon (which is why you should always use strong ones), it seems passwordless authentication will be headed to your devices as an option very soon, if it isn’t there already. But with all new innovations, it will take time and concerted effort to ensure passwordless authentication realizes its potential. Hackers sure aren’t going to take a break in trying to figure out how to crack it. This is another reason why identity management, meaning managing who has access to online systems, is a critical topic for all digital citizens. Join us on Identity Management Day this April 11th to learn more!
About the Author: Barry Eitel is the Content Writer for the National Cybersecurity Alliance, where he crafts resources and news reports for the general public and cybersecurity specialists. He has written about technology, finance and small business for Insure.com, Policygenius, and Lendio. He was the Silicon Valley Correspondent for Turkey’s Anadolu Agency. He is also a playwright and screenwriter, and several of his plays have been produced around the country. He received his MFA in Dramatic Writing from NYU Tisch.