How secure are your passwords? Password-less ways to adopt now.
I have struggled with not remembering passwords, dealing with complex password rotation policies, and expired passwords, and I decided to share all the new passwordless technologies out there. After reading this article, you can be better prepared to adopt them.
Gone are the days of remembering cumbersome long passwords. With the progress of security and authentication technology, there are oodles of options on the market today, and the topic is more relevant than ever. Remembering passwords for tens of e-commerce, banking, and credit card logins is more of a burden and less secure.
Does that mean passwordless is the future?
Jailbreak Passwords
How many times have you procrastinated logging into a website if you have forgotten the password?
To break free of the shackles of forgotten passwords, organizations are rapidly adopting passwordless authentication to guarantee a butter-smooth but secure user experience for their customers.
Forgotten passwords are not the only issue here: passwords are also routinely reused across multiple e-commerce platforms. Reused passwords are the hefty price we pay for the small convenience of not remembering them.
One World — Many Passwords
Let’s delve deeper into passwordless mechanisms.
Biometrics
We are familiar with biometric login on our devices, such as Face ID (iPhone) and fingerprint scans (MacBook). It’s a huge relief not to type in a password every time you need to log in.
Biometrics are being used by organizations, law enforcement, and governments to identify people. It usually entails two steps:
- capture the biometrics first and then
- compare the biometric data with the biometric record.
Common types of biometrics are the face, voice, fingerprints, and DNA. Now let’s discuss the advantages of biometrics. Unlike usernames and passwords, biometrics don’t need to be memorized. They are unique, immutable, and super convenient. One might argue about the potential risks involved, such as data breaches that expose this critical piece of information. Unlike passwords, there is no way to just change one’s biometrics if required.
The real takeaway is that the onus is on organizations to store and serve biometric data safely and securely.
Email/SMS links
Recently, many businesses have started using email/SMS to provide a one-time, short-lived link for users to log in. This is secure as it’s sent only to registered devices.
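What makes such a link one-time and short-lived is enforced on the server. The following Python is an added example, not code from any product the article mentions; the 10-minute lifetime, the in-memory store, the `app.example` host, and the function names are assumptions.

```python
import hashlib
import secrets
import time
from typing import Optional

LINK_TTL_SECONDS = 600   # assumed lifetime; the article only says "short-lived"
pending_links = {}       # sha256(token) -> (user_id, expires_at); stand-in for a DB table


def token_digest(token: str) -> str:
    # Store only a hash so a leaked table cannot be replayed as login links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_login_link(user_id: str, now: Optional[float] = None) -> str:
    """Create a link for user_id, revoking any link issued to them earlier."""
    now = time.time() if now is None else now
    for key in [k for k, (uid, _) in pending_links.items() if uid == user_id]:
        del pending_links[key]
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    pending_links[token_digest(token)] = (user_id, now + LINK_TTL_SECONDS)
    return f"https://app.example/login?token={token}"  # placeholder host


def redeem_login_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user id for a valid token, else None. Any match is consumed."""
    now = time.time() if now is None else now
    record = pending_links.pop(token_digest(token), None)  # pop = one-time use
    if record is None:
        return None  # unknown, already used, or revoked
    user_id, expires_at = record
    return user_id if now <= expires_at else None  # expired links fail closed
```

The `now` parameter exists only so expiry can be exercised without waiting; a real deployment would also rate-limit link requests per account.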
OTP
OTPs are fairly common these days. They are part of 2FA/MFA but they can also be used solely as temporary one-time-use passwords.
Pros and Cons of Passwordless
Now that we have a proper understanding of different passwordless strategies, let’s go over the pros and cons:
Advantages
- Improved Security — Passwords are the weakest link in the security chain due to the multiple reasons we discussed. Hackers can get hold of your password from a data breach and use it against you.
- Seamless User Experience — The user experience friction can be reduced monumentally if passwords are not involved. No need to remember, reuse, or renew passwords.
- Password storage cost reduction — It has been found that using biometrics drops the password storage cost for an enterprise by an average of $120 per password. This adds up quickly if you scale it to thousands of users for an enterprise.
- Reduced password fatigue for users and companies — Since passwords are not involved anymore, it’s a win-win for both parties due to a reduction in this burden. Being able to get out of password fatigue is a huge boon for digital companies that rely on user retention and struggle with high user churn.
Disadvantages
- Upfront installation cost — Implementing passwordless features such as biometrics and single sign-on can be a huge undertaking for an enterprise. It involves a herculean cost to install an absolutely new authentication system on current active directories. Implementing biometrics or OTP also involves procuring new hardware. For physical OTPs, companies need to invest in hard token devices. Similarly, biometrics require advanced fingerprint and retina scanners, which are not exactly low cost.
- Change in user behavior — End users need to be trained in the new methods. Some users are well used to passwords and might find it harder to adapt to a passwordless future. The easiest solution is one that doesn’t involve creating new user behavior. Adoption of new behavior can easily run into hindrances.
- Complication from failed/lost devices — Passwordless logins depend on phones, emails, or hard tokens, so losing a device can cause serious trouble. Recovering accounts in such cases is an additional step for a person already dealing with a lost device.
Passwordless Future is here Now
Look around and you will see the likes of Microsoft already going fully passwordless. The future is already here, and it’s time we embrace it. Passwords were never safe and never will be. The new digital world demands that passwords become obsolete and a thing of the past. What’s your take on it? In the meantime, lemme guess your password. If you are still using one!