Are we heading towards a future without passwords?

7 Jun 2023

Image: © Vitalii Vodolazskyi/Stock.adobe.com

New supports for password alternatives are being rolled out, but there isn’t a clear timeframe for when – or if – passwords will become a thing of the past.

Passwords may become a thing of the past, as even password-management companies are taking steps to adopt more secure alternatives.

Many tech companies have shared their intentions to expand support for alternative sign-in methods. Last year, Apple, Google and Microsoft shared plans to support a passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.

Now, password manager 1Password has revealed that it has enabled passkey support on its public beta, which is available for users on five different web browsers.

Passkeys enable people to sign in using an “authenticator” such as a fingerprint, face scan or lock PIN. Supporters of passkeys argue that they are more secure than passwords in various ways. 1Password argued that passkeys remove the issue of memorising passwords or scenarios where people constantly re-use passwords across different sites.

“There’s no such thing as a “weak” passkey, and they can’t be stolen in a data breach,” 1Password said in a blog post. “These passwordless login credentials also speed up the process of signing in to your online accounts.”

“We’re proud to be leading the transition from passwords to passkeys, and can’t wait for you to start saving your own passkeys in 1Password.”

The public beta is accessible on the web browsers Chrome, Firefox, Edge, Safari and Brave.

Google moves away from passwords

While several tech giants have said they will support passkeys, Google has been taking some of the biggest steps towards a passwordless future.

Last month, the company began rolling out support for passkeys across Google Accounts on “all major platforms”, in a move that Google described as the “beginning of the end” of the password.

This push has recently extended to Google Workspace and Google Cloud. The tech giant launched its own open beta earlier this week, giving more than 9m organisations the ability to log in using passkeys instead of passwords.

In a blog post, Google argued that passwords are no longer sufficient in keeping data safe against cyberattacks. This view is similar to statements made by FIDO, the open industry association that is looking to reduce reliance on passwords.

Last year, FIDO described password-only authentication as “one of the biggest security problems” on the web. This is because many users end up reusing the same password across multiple services, which can lead to data breaches and account takeovers.

Will we remove passwords?

Many security experts have advocated for passwordless authentication methods to minimise the risk of breaches. But the timeframe for when – or if – we remove passwords entirely is uncertain. In 2011, IBM made the prediction that passwords would be history within five years.

Passwords have been around for decades and there will likely be difficulties in getting everyone to swap to passkeys. Google clarified last month that it will continue supporting password logins and two-step verification.

Craig Lurey, CTO and co-founder of cybersecurity company Keeper Security, argued in 2021 that “no matter how much we innovate, passwords are here to stay”.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com