Forgot your password? New tech initiative offers relief from this ongoing headache
As technology becomes increasingly integral to daily life, passwords are essential for securing online accounts. Yet, the burden of managing numerous unique passwords has led to the rise of password managers, which themselves rely on a single password. Even these are not foolproof, as Microsoft reports 111 million daily password attacks. To address this vulnerability, tech leaders like Apple, Google, Amazon, and Microsoft formed the "FIDO Alliance", working on a groundbreaking passwordless login system called passkeys.
Passwords are a weak link in cybersecurity, with over 80% of data breaches occurring due to weak passwords. As described in an article by Business Insider, people often neglect basic security measures, even when aware their credentials are at risk. Solutions like two-factor authentication offer incremental improvements but fail to address the root problem. According to Google’s Christiaan Brand, the current system is fundamentally flawed and requires a fresh start.
In 2004, Microsoft Chief Bill Gates famously predicted the death of traditional passwords, and there have been several attempts to replace them. But none have been able to find an alternative — until now. Passkeys are a novel alternative that aims to replace passwords with biometric authentication or device PINs. Users authenticate by scanning a fingerprint or face, eliminating the need for memorizing or managing passwords. Steve Won, the chief product officer of premium password manager app "1Password" and a member of the FIDO Alliance, describes their key advantage: “You literally cannot steal a password if the password doesn’t exist.”
Passkeys rely on a pair of virtual keys: one stored on the user’s device and the other on a server. During login, these keys are matched to grant access. This system provides convenience, security, and resistance to phishing attacks. Major companies, including Apple, Google, and Mastercard, are adopting passkeys, signaling broad industry support.
Setting up a passkey requires no additional apps. Systems from Apple, Google, and Microsoft now include built-in support. Users create a passkey by authenticating via biometrics or a device PIN. Once verified, the system generates a public key stored on the service’s server and a private key saved locally. Logging in later is seamless. Users select the passkey option and authenticate via biometrics or a PIN. The private key unlocks access by matching the public key on the server. Unlike passwords, passkeys are resistant to breaches, as biometric data and private keys never leave the device.
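The key "matching" described above is, in practice, a signature check: the server sends a random challenge, the device signs it with the private key, and the server verifies the signature with the stored public key. The following Node.js sketch is an added example, not code from the article or from the FIDO Alliance; it is a simplified model rather than the real WebAuthn message format, and the origin, user name and function names are assumptions made for illustration.

```javascript
// Added example: simplified model of passkey registration and login.
// Real WebAuthn messages carry more fields; all names here are hypothetical.
const nodeCrypto = require('crypto');
const ORIGIN = 'https://shop.example'; // constructed sample origin

// Device: the private key stays local; only the public key is exported.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device: sign the server's challenge together with the origin the browser sees.
function signAssertion(privateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64'), origin });
  return { clientData, signature: nodeCrypto.sign('sha256', Buffer.from(clientData), privateKey) };
}

// Server: holds only public keys and outstanding one-time challenges.
class Server {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  startLogin(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge.toString('base64'));
    return challenge;
  }
  finishLogin(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // a challenge is single-use, so replays fail
    const pem = this.keys.get(user);
    if (!expected || !pem) return false;
    const data = JSON.parse(clientData);
    if (data.challenge !== expected || data.origin !== ORIGIN) return false;
    return nodeCrypto.verify('sha256', Buffer.from(clientData), pem, signature);
  }
}

function demo() {
  const server = new Server();
  const device = createPasskey();
  server.register('alice', device.publicKeyPem);
  const good = signAssertion(device.privateKey, server.startLogin('alice'), ORIGIN);
  const loginOk = server.finishLogin('alice', good);
  const replayRejected = !server.finishLogin('alice', good);
  // Look-alike site relays a fresh challenge; the signed origin gives it away.
  const phished = signAssertion(device.privateKey, server.startLogin('alice'), 'https://shop-example.test');
  const phishRejected = !server.finishLogin('alice', phished);
  return { loginOk, replayRejected, phishRejected };
}
console.log(demo());
```

The server never holds anything that could be used to log in elsewhere: a leaked copy of its key table contains public keys only.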
Adoption and Challenges
Despite their advantages, passkeys still face several hurdles before they can replace old-school passwords. Currently, only a limited number of websites and apps support them. Traditional passwords remain the fallback for many services. However, the FIDO Alliance expects rapid growth in adoption over the next year, driven by industry momentum and the increasing imperative to address password vulnerabilities.
Another issue with passkeys is that they are often tied to specific ecosystems, such as Apple or Google, complicating use across devices from different manufacturers. This lack of cross-platform compatibility can deter users with mixed-device setups.
Biometric-based passkeys are also not ideal for shared accounts, such as those used by families. Streaming platforms and other businesses aiming to curb account sharing may find passkeys beneficial, but legitimate users sharing access within households could face challenges. Currently, fallback traditional logins allow sharing in such cases, but a passkey-only model would require physical proximity for setup.
The Path Forward
Despite the above-mentioned challenges, the passwordless movement has managed to gain significant traction. The FIDO Alliance remains optimistic about passkeys becoming the norm. Its executive director, Andrew Shikiar, believes that the growing number of companies joining the initiative demonstrates the urgency of solving the password problem. While adoption is still limited, the industry anticipates widespread support in the near future.
By Nazrin Sadigova