Towards a passwordless future
The world seems to be moving in the direction of passwordless authentication.
It can be a hassle to create and remember different passwords for the various devices and applications we use. Creating one for everything can increase the risk of hacking, while remembering multiple of these can be a task, impossible at times. The tech world has taken heed with companies increasingly moving towards a passwordless future!
First thing first, passwordless access refers to the ways of authentication that do not require you to enter passwords. Instead, access is granted based on other factors such as biometrics, such as fingerprint and facial recognition, magic links, push notifications, etc.
Recently, Google announced that it is rolling out passkeys for Google Accounts. The company made the announcement in a blog titled ‘The beginning of the end of the password’. In it, Google wrote, “For some time we and others in the industry have been working on a simpler and safer alternative to passwords. While passwords will be with us for some time to come, they are often frustrating to remember and put you at risk if they end up in the wrong hands.” Explaining what passkeys are in another post, it said, “With passkeys, users can sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords.”
Notably, last year, tech giants Google, Apple and Microsoft, along with the FIDO Alliance, announced a partnership to make passwordless login a reality. Since then, the companies have been rolling out initiatives towards the same. American fintech company PayPal, too, introduced in October support for passkeys on iOS devices. Companies like Shopify and Kayak have also rolled out similar initiatives.
Notably, there are several ways for passwordless authentication. One is biometric authentication, through which login is granted through the users’ physical features like fingerprint and face. Then there are magic links. Here, the user receives a link in her email, clicking on which access is granted. Although a secure way, a drawback is that the link expires in just a few minutes. Also, at times, these links go into the spam folder. Another way is through OTPs, which one gets either on the phone or in the mail, whatever option the user has chosen. Although a good option, there is often a problem of non-deliverability, creating unnecessary hassle for the user. Push notification is another way of passwordless authentication.
Interestingly, some password manager apps are also moving towards the passwordless way. One example is Dashlane, which is reportedly in the process of replacing its master password with passwordless logins such as biometric or device-based. This will do away the need for users to remember even a single password. As per media reports, Dashlane’s passwordless login uses cryptographic keys, which are not the same as passkeys. 1Password,too, is reportedly looking at similar avenues.
Not only users, companies can also benefit from going the passwordless way. From the employee standpoint, a study revealed that 44% of employees find that the process of logging in spoils mood and diminishes productivity. From the consumer perspective, another study, by FICO Alliance, revealed that 58% of online shoppers abandon their shopping carts due to issues with login, harming the companies’ revenue. Not just that, making the login experience easier for users improves their interaction with your business, benefitting the company. Also, passwordless authentication is found to be better for cybersecurity and preventing attacks that impact both companies and users.