Managing your online passwords can be a chore.
Creating the long, complex passwords that best deter online thieves — especially for dozens of different online accounts — can be tedious. But it was necessary given the record number of data breaches in the U.S. last year.
That’s why it’s so tempting to dream of a future where no one has to constantly update and change online passwords to stay ahead of hackers and keep data safe. The good news: some of the biggest names in tech have said that the dream of a passwordless internet is about to become a reality. Apple, Google and Microsoft are all trying to pave the way.
In that promising future, you’ll still need to prove your identity to gain access to your accounts and information. But at least you don’t have to memorize endless strings of unique eight-character (or longer) passwords, right?
Well, maybe not quite. The answer is still a bit complicated.
What password-less options already exist?
In theory, removing passwords from your cybersecurity equation could remove what former Homeland Security Secretary Michael Chertoff called “by far the weakest link in cybersecurity.” According to Verizon, more than 80 percent of data breaches are due to weak or compromised passwords.
In September, Microsoft announced that its users would have completely password-free access to services such as Windows, Xbox and Microsoft 365. Microsoft users can instead use options like Windows Hello or the Microsoft Authenticator app, which use fingerprint or facial recognition tools to help you log in securely.
Microsoft also allows users to log in using a verification code sent to your phone or email, or using a physical security key (similar to a USB drive) that plugs into your computer and has encryption unique to you and your device.
In recent years, tools such as two-factor authentication have helped increase the security of users’ accounts — but hackers can still find ways to circumvent them, Joy Chik, Microsoft’s vice president of identity, wrote in a company blog post in September. method of additional measures. “As long as passwords remain part of the equation, they are vulnerable,” she wrote.
Likewise, Google sells physical security keys, and its Smart Lock app allows you to tap a button on your Android or iOS device to log into your Google account on the web. In May 2021, the company said the tools were part of Google’s work “to create a future where you won’t need passwords at all one day.”
Apple’s devices have used Touch ID and Face ID features for years. The company is also working on its Passkeys feature, which allows you to create passwordless logins for apps and accounts on iOS devices using the same fingerprint or facial recognition tools.
So, in a sense, a passwordless future is here: Microsoft says that “nearly 100 percent” of the company’s employees use the passwordless option to log into their corporate accounts. But it will definitely take some time for every company to offer a password-less option to employees and customers — and it may be a while before everyone feels secure enough to dump their passwords to support something new.
This isn’t the only problem, either.
How safe are they?
Removing passwords altogether is not without risk.
First, verification codes sent via email or text message can be intercepted by hackers. Even scarier: Hackers have demonstrated the ability to fool fingerprint and facial recognition systems, sometimes stealing your biometric data. Changing your password can be annoying, but changing your face or fingerprint is much harder.
Second, some password-less options today still require you to create a PIN or security question to back up your account. It’s not much different from having a password. In other words, tech companies haven’t perfected the technology.
Third, there is the issue of widespread adoption. As Wired magazine pointed out last year, most password-less features require you to have a smartphone or some other fairly new device. While the vast majority of Americans do own smartphones, the devices vary widely in age and hardware inside.
Additionally, tech companies still need to make online accounts accessible across multiple platforms, not just on smartphones — and for people who don’t own a smartphone at all, about 15 percent of Americans
In other words, it may be a while before the password completely disappears. Enter as long and complex strings as possible into the login box.
Sign up now: Get smarter about your money and career with our weekly newsletter
do not miss it:
If Your Passwords Are Less Than 8 Characters, Change Them Now, A New Study Says
These are the 20 most common passwords leaked on the dark web – make sure none of them are yours
