I ask users at least once a week, “Do you remember your password?” It’s part of being in the IT industry. But guess what? Those pesky, complicated passwords that nobody can remember are on the chopping block. Hooray! Newsflash: you’re likely using passwordless devices already. This new way of authentication has been a hot topic in the tech industry lately, and all the big players (Microsoft, Google, Apple) are participating.
Per Wikipedia, passwordless authentication is an authentication method in which a user can log in to a computer system without entering (and needing to remember) a password or any other knowledge-based secret. In most common implementations, users enter their public identifier (username, phone number, email address, etc.) and then complete the authentication process by providing a secure proof of identity through a registered device or token.
Ok, so what does that mean? Here are the most common ways that you’re already using it:
- Apple Devices: fingerprints, facial recognition, multiple device codes
- Google: opening other Google apps to log in, such as YouTube or Gmail
- Microsoft: Hello login (facial recognition), authentication app
Do those methods sound familiar? Or maybe you have an authentication app like Duo that sends your device an alert to allow entry. All of these methods are new ways that user security is improving.
As a tech, this is music to my ears! Passwords have become too risky and unstable. I think the password should be the last line of defense, not the first. It should be used in a “break in case of an emergency” situation that does not get used frequently, as it becomes exposed and easier to compromise. When you hear “passwordless,” you’ll understand what it means! It’s a better technique that software is using to confirm your identity and minimize security threats.