Tech Giants Take One Step Closer to a Future without Passwords

Despite all their cons, passwords remain the most popular mechanism for enforcing security to protect users’ data. Some may think that the idea of “the future without passwords” is not new. There are existing authentication techniques, like biometric sensors and hardware keys, that do not require users to enter complex passwords to sign in. However, the initial account creation still requires the use of passwords due to various reasons that will be explained in the “Existing Passwordless Options” section.

Earlier this year, Apple, Google and Microsoft united to work on implementing passwordless sign-in on all major platforms. During its World-Wide Developers Conference in May 2022 (WWDC22), Apple announced the use of passkeys for the future without passwords through its 2022 rollout of iOS16 and macOS Ventura. The iOS and macOS rollout that took place in the fall of 2022 and Google’s announcement of bringing passkey support to Android and Chrome in Oct 2022 were a huge step towards the actualization of the future without passwords. However, many people have yet to fully understand how we can have a true passwordless digital world, which leads to the idea of passkeys. In this blog post, we’ll discuss what’s wrong with passwords and how passkeys work to get us closer to a future without passwords.

   
• What Is Wrong With Passwords?
   
• Existing Passwordless Options
   
• Passkey: A Step Closer to a Future Without Passwords
   
• Support Passkeys on Your Apps With Authgear
       

What Is Wrong With Passwords?

Passwords have several vulnerabilities. First of all, passwords are shared secrets. When users create new accounts, their passwords are stored in a server. The server verifies a user’s identity by comparing the stored one with what the user enters. Hackers can attack the servers and gain access to users’ passwords. Even if developers implement storage of passwords with hashing and salting correctly, it is still possible that the server software leak passwords in other bugs: such as via leaving passwords in logs. Passwords are also very susceptible to different types of attacks such as phishing, MITM, etc.

In addition, it is said that a single password is used to access five accounts on average, which is a leading factor in why people are hacked. Using different passwords can also be a risk factor since people might have a hard time remembering all of them. As a result, tech giants like Apple, Google and Microsoft are working together to create a future without passwords with passkeys.

Existing Passwordless Options

There are already several passwordless options that exist. Below are some examples.

• One Time Passwords (OTP)
• Hardware Keys
• Biometrics
• Magic Links

In general, going passwordless is more secure than user-generated passwords since the credentials used for passwordless authentication are harder for hackers to replicate or spoof.

Nevertheless, the current state of passwordless authentication isn’t enough for everyday use yet. Hardware keys are inconvenient to use and backup limited its popularity. You can’t transfer biometric data between iOS and Android devices. Hackers can intercept OTPs sent through SMS or emails before they reach the intended users or they can get the OTPs through phishing.

Passkey: A Step Closer to a Future Without Passwords

Furthermore, Authgear also comes with a set of authentication and user management features, such as pre-built signup and user profile pages, user analytics, WhatsApp OTP, social logins, etc., to help you provide better user experience, increase app conversion rate, and boost user retention rate.

Learn more about our Passkey API or request a demo to see how you can benefit from Authgear.