Passwords seem to be dying out and the future holds a different way of connecting to services.
How do you see a future that does not require you to remember or manage large lists of passwords? It seems that such a future is just around the corner. That is, to be able to connect with services, materials and applications without the use of the well-known 123456.
What does "no password" mean?
Passwordless login eliminates the need to provide a password, whether it is an alphanumeric password you need to remember, or track it in a password manager. You will still need to remember an ID such as your username or email address, but you will have to prove your identity in some other way.
In his time two-factor authentication (F2A) there are already such applications without a password. The ultimate goal of this logic is to completely remove passwords, and allow you to verify your identity using other means.
Such media can be a mobile authentication application, accessible only to you, biometrics such as a fingerprint or facial scan, a physical device such as a key card or USB stick, or less secure approaches such as SMS or email verification codes.
Of course all of the above can coexist and you will be asked to use more than one method to prove your identity.
Steps have already been taken to develop password-free connections, thanks to new standards such as Web Authentication (WebAuthn). This approach eliminates the need to store biometric data, such as fingerprints or facial expressions, on a central server, which could have a devastating effect on security.
Web Authentication allows sensitive data to remain on your device while only one key is sent to the server. The verification is performed locally on your device, which is then verified using a public key on the server. This eliminates the need to protect confidential information on a server (such as a password), as the "password" only exists on your local device.
What are the advantages of Passwordless?
One of the biggest benefits of not using a password is simplicity. While most people have already adapted to using password managers, there are still some passwords (such as a master password master password) that you need to keep in mind. You can not save the password of the database, which contains your passwords !.
Proceeding without a password, you can verify your identity without having to remember anything. You may need to authenticate with a mobile app or scan your face or fingerprint and that's it.
By completely removing passwords, you remove a vulnerability in the security of an account. This is not going to happen overnight and it will take time for many to come to terms with a future that uses alternative verification methods. The business world is already embracing such solutions as YubiKey, as the costs associated with password breaches can be so high.
This cost does not always mean money. It can be a waste of connection time, mental fatigue and error avoidance. Passwordless solutions will not always be friction-free, but put less emphasis on the end user to remember or protect an arbitrary set of numbers, symbols and letters.
Which Services allow you to Passwordless?
So far only Microsoft lets you to log in completely without a password. This means you can completely remove your password from your account and use Microsoft services, including Xbox, Microsoft 365, and Windows, without having to type or paste a password.
You can do this by downloading the Microsoft Authenticator application for Android ή iOS and then sign in to your Microsoft account in a web browser. Once logged in, select "Advanced Security Options", then scroll down to "Additional Security" and click "Enable" next to the option for an account without a password.
As part of the process, you will be asked to save some backup codes that you can use to sign in to your Microsoft account in case you lose access to the Microsoft Authenticator application. You can always revisit the Microsoft Security Options website and turn off the password reset feature on your account.
Google is also moving towards a password-free future, with the company announcing in May 2021 that it "creates a future where one day you will not need a password at all." If you have an Android device, you can simply use your smartphone to connect to the web sign in to your Google Account, press "Security" and then select "Setup" in the "Use your phone to connect" option.
And Apple has something similar in iOS 15 and macOS 12.
Passwordless solution is not perfect
No solution is perfect, or completely infallible. May lose physical access on a device or leave something connected that could put your accounts at risk. Even Face ID and Touch ID can be used on people who are asleep or unconscious. Until and DeepFake can get into the bay.
Perhaps the biggest hurdle will be getting more people to give up their passwords in favor of a new way. Because, even as an imperfect solution there is no reason to throw it out.
Passwords are outdated and impractical anyway and it's time to move on.