A Future Without Passwords?
Has it happened to you that when trying to create a password to access a new site or online service, you were warned that the access code you want would be a weak password? A large percentage of people will ignore this warning and continue their registration in this way, probably because they have been using the same one for years or simply because they consider it unnecessary to think of a more complex one, and taking into account that an average executive must keep track of approximately 191 passwords , it is extremely convenient to share the same password with different sites even knowing that it is not a safe practice. Is it necessary to evolve and create new technologies to replace passwords, which have been protecting our digital lives for more than 60 years?
Fernando Corbato, inventor of passwords in the 1960s, recently commented in an interview for The Wall Street Journal that our current password situation has turned into a nightmare. We already know the lack of precaution that users put into the security of their access, but we must also consider that even the largest technology companies today have been careless with the storage of our passwords. For example, Facebook saved millions of passwords, some dating back to 2012, in plain text, without any encryption, and easily accessible by more than 20,000 employees. Something similar happened with Google, which in May 2019 shared on its blog that due to a bug in G Suite (the corporate version of Gmail) a portion of the passwords were also saved in text without any type of protection. We are also aware of data breaches and password theft on the Twitter and Instagram platforms.
For many years we only saw or read in works of fiction the use of fingerprints, iris analysis or face and voice detection, as forms of technological access, but today this is a reality in the pocket of millions of users with cell phones that have unlocking methods based on biometric data. These became popular in 2013 when Apple included Touch ID, a fingerprint reader, in its new iPhone models and later in iPads and laptops. With the advancement of biometric technology, Apple had the ability to replace this with Face ID, which scans the face of the device owner in 3 dimensions to gain access to it.
In May 2019, a big step was taken on the path to a password-free future, the World Wide Web Consortium (W3C) approved WebAuthn, which is an authentication standard that seeks to replace the use of passwords in the near future. WebAuthn is already supported by major browsers such as Chrome, Firefox, Edge, and Safari, and the fact that it is now accepted as a network standard will allow for greater adoption among various sites on the internet.
How does it work? The WebAuthn API allows websites to communicate with a FIDO security device to allow or deny access, these devices can be USB keys or some more advanced ones that combine this technology with a biometric reader, making access technically more complex but easier for people to use. Another important step in the adoption of this standard is that Android announced that all its devices capable of running its operating system in version 7.0 or higher will be certified with FIDO2, which makes it easier to use WebAuthn as adoption is not necessary. For more hardware to be able to use it, you will simply need a certified cell phone. Some portals that already support this technology are Google, Microsoft and Dropbox.
As with all new technology, there will be a lot of challenges during its adoption, after all it is easier to change a password than it is to change your physical identity in the event that a biometric system gets hacked.
Also Read : Biometrics: A Financial Solution