Getting Away With Passwords

11 Apr

Do you remember creating your first ever gmail account?

Wasn’t creating passwords easy back then?

Over time, password rules moved from plain words and numbers to alphanumeric strings to must-include-an-uppercase-letter and whatnot.

In short, passwords only got more complicated to create and even harder to remember, especially when they have to be replaced with new ones every 30 days.

We’ve all been there, forgetting passwords. What if I told you the future holds a passwordless world? Would you believe it?

Of course you would. Here’s how it will happen.

What does it actually mean to go passwordless?

Have you ever seen a website or application grant access only after you successfully present two or more pieces of evidence, say something you possess or something you know?

Well, that’s MFA (multi-factor authentication). And no, that’s not going passwordless. Neither are the OTPs we receive on SMS.

Then, what is it?

As the name suggests, passwordless authentication is a way of verifying users’ identities without using passwords or any other memorized secret.

Instead, it works on the “possession factor”, such as a registered mobile device or a hardware token, or on the “inherence factor”, meaning biometric signatures like fingerprints, retina, face, etc.

Ways to authenticate when passwordless

Well, biometric technology is just the tip of the iceberg. There are various other ways of passwordless login.

Biometrics: What could be better than unique physical traits such as fingerprints, retina, etc.?

Possession factor: User identity validation via something that the user owns.

Magic Links: Links that users receive via email provide direct access to the user.

How does passwordless authentication work?

A typical password-based authentication system works by comparing what the user enters with what is stored in the database.
Once the input matches the stored value, access is granted.

Well, with passwordless authentication the only difference is in the type of input: the password is replaced with much safer authentication factors.

It relies on a digital key pair: a private key and a public key. Think of the public key as a lock and the private key as the only key that opens it.

To gain access, the user needs to use the private key stored on their local device, which can only be unlocked with an authentication factor (biometric, etc.).
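The key-pair login described above, sketched as a challenge-response exchange in Node.js. This is an added example, not code from the original post; the `Server` and `Device` classes, the `userVerified` flag, the sample user name and the choice of Ed25519 are all assumptions made for illustration.

```javascript
// Added example: passwordless login as challenge-response over an Ed25519 key pair.
// Class names, the userVerified flag and the "alice" account are hypothetical.
const nodeCrypto = require("node:crypto");

// Server side: stores only public keys and outstanding one-time challenges.
class Server {
  constructor() {
    this.publicKeys = new Map(); // username -> public key (the "lock")
    this.pending = new Map();    // username -> challenge awaiting a signature
  }
  register(username, publicKey) { this.publicKeys.set(username, publicKey); }
  startLogin(username) {
    const challenge = nodeCrypto.randomBytes(32); // fresh random value per attempt
    this.pending.set(username, challenge);
    return challenge;
  }
  finishLogin(username, signature) {
    const challenge = this.pending.get(username);
    const publicKey = this.publicKeys.get(username);
    this.pending.delete(username); // single use: a captured signature cannot be replayed
    if (!challenge || !publicKey) return false;
    return nodeCrypto.verify(null, challenge, publicKey, signature);
  }
}

// Device side: the private key stays on the device; a local check gates its use.
class Device {
  constructor() {
    // Sets this.publicKey and this.privateKey.
    Object.assign(this, nodeCrypto.generateKeyPairSync("ed25519"));
  }
  // userVerified stands in for the biometric or PIN prompt on a real device.
  sign(challenge, userVerified) {
    if (!userVerified) throw new Error("user verification failed; key stays locked");
    return nodeCrypto.sign(null, challenge, this.privateKey);
  }
}

function demo() {
  const server = new Server();
  const phone = new Device();
  server.register("alice", phone.publicKey);
  const sig = phone.sign(server.startLogin("alice"), true);
  const ok = server.finishLogin("alice", sig);     // valid signature over the live challenge
  const replay = server.finishLogin("alice", sig); // same signature again, challenge already used
  const stranger = new Device();                   // key pair that was never registered
  const forged = server.finishLogin("alice", stranger.sign(server.startLogin("alice"), true));
  return { ok, replay, forged };
}
```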

Why is there a need to go passwordless?

Apart from the obvious problem of slipping one’s memory, passwords carry the risk of being compromised.

It just takes the right combination of email or username and password, and hackers can easily access everything you possess.

Think of it this way: once one account or device is hacked, the mail, photos, documents, bank account details, contacts, and everything else associated with it can be accessed and misused.

Passwordless authentication can prevent that from happening.

And that’s the reason why companies like Google and Microsoft are going passwordless.

What else does it offer?

Going passwordless offers a number of benefits over passwords.

  • Protection against phishing attacks and brute-force attacks
  • Better user experience
  • Long-term reduction in password management costs

The question that still remains is whether the future is going to be passwordless.

Well, despite the efforts to strengthen password security, passwords are still far from being the ultimate way of securing data. Still, people worldwide continue to use passwords.

However, we do see the future going passwordless very soon.

It is safe to say goodbye to those sticky notes filled with different passwords and to the frequent reliance on the “Forgot Password” function.