Passwordless: is this the future of authentication?
Let’s face it: no one likes traditional passwords. After all, there’s nothing practical about them. They have to be complex, memorized or, otherwise, stored in a specific application to manage them. And, to top it off, a cybercriminal can harness a series of attacks to steal them and gain access to your accounts.
Fortunately, it seems we’re headed towards a passwordless future, that is, we will no longer depend on any type of password for authentication in computer systems and online services.
Several major companies and institutions are engaged in this mission, with one of the more prominent among them FIDO Alliance, an open association that includes members of Google, Microsoft and other tech giants.
Founded in 2013, FIDO Alliance, along with its members, is responsible for developing alternative authentication standards and shot to fame largely due to the creation of the highly celebrated FIDO2.
Plainly speaking, this is technology applied to physical tokens that authenticate users through a physical connection (like a USB) or via approximation (like Bluetooth), recognizing a unique encrypted key inside.
Plug in to log in
It’s important to mention that the FIDO2 standard was only created thanks to a collaboration with World Wide Web Consortium (W3C), which has created its own passwordless authentication standard: WebAuthn. It allows users to access online accounts without entering a password, using biometry, mobile devices or FIDO keys, for example.
The main goal behind the creation of WebAuthn was to universalize the way browsers behave in relation to passwordless authentication technologies. When browsers are ready for these new standards, any website or web application will easily be able to use this functionality.
Nowadays, the leading social networks and online services we use on a daily basis – including Twitter, Facebook, Google products and the like – already support WebAuthn/FIDO2 standards.
Not only on the web
But you’d be mistaken to think that passwordless is limited to authentication in online services. Even operating systems have been adopting this method for some time now. Remember that smartphones equipped with fingerprint scanners and facial recognition to unlock devices have already been around for years, doing away with the need for PIN numbers and drawing patterns. Slowly but surely, computers are going the same way.
An excellent example of this is Windows Hello, which is in the Windows operating system. It allows users to log in using a variety of biometric identification methods, depending on the functionalities available on the device in question (a biometric reader, a webcam, among others).
At the end of the day, some of the biggest names in tech are dedicated to eliminating passwords once and for all. And you? Do you also think this passwordless future will be more practical?