3aIT Blog

There's been a low-level murmur that passwords will be a thing of the past for some time now. Yet still, we dutifully create (and forget) increasingly complex strings with the looming threat of our entire online identities being stolen if someone guesses them. At last, those days may be numbered.

Various big companies are now uniting round a standard they're calling Passkey. Using this method, the device you are using (PC / tablet / phone etc) becomes your authorisation to access any given service rather than a username / password combination. In other words, once you've unlocked your device with a fingerprint, facial recognition, PIN or similar, you will effectively also be immediately logged in to all apps and websites you've created accounts on.

The advantages of this system don't end there. You will probably have seen many stories about databases being compromised over the years, and usernames + passwords being stolen. The passwords are usually encrypted, but it's still far from ideal when someone gets their hands on this data. With this Passkey setup, there are no passwords in the database. Only half of the "key" is stored at their end, and that half is useless without the half stored on your device.

There's more! If there are no more passwords, then there's no more password phishing. It will be literally impossible to be duped by a phishing scam that's after your login credentials, because you don't know them - it's all just an exchange of data between trusted sources happening in the background. Unless someone has physical access to a device to which you've granted access to a service, they cannot log in as you.
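To make the last two points concrete, here is a simplified model of the exchange, added as an illustration and not taken from any vendor's implementation. It uses Node's built-in `crypto` module; the site names, the `alice` account and the message layout are constructed for the example, and real passkeys (WebAuthn) sign a richer structure than this.

```javascript
const crypto = require('node:crypto');

// Device: create a key pair for one site. The private half stays on the device.
function createPasskey() {
  return crypto.generateKeyPairSync('ed25519');
}

// Server: store only the public half against the account.
function register(db, user, publicKey) {
  db.set(user, publicKey.export({ type: 'spki', format: 'pem' }));
}

// Bytes that get signed: the site origin plus the server's one-time challenge.
function signedBytes(origin, challenge) {
  return Buffer.concat([Buffer.from(origin, 'utf8'), Buffer.from([0]), challenge]);
}

// Device: sign for the origin the browser is really on, not one the page claims.
function signAssertion(privateKey, seenOrigin, challenge) {
  return crypto.sign(null, signedBytes(seenOrigin, challenge), privateKey);
}

// Server: accept only a signature over its own origin and the challenge it issued.
function verifyAssertion(db, user, ownOrigin, challenge, signature) {
  const pem = db.get(user);
  if (!pem) return false;
  const key = crypto.createPublicKey(pem);
  return crypto.verify(null, signedBytes(ownOrigin, challenge), key, signature);
}

// Constructed walk-through: shop.example is the real site, the other a lookalike.
function demo() {
  const REAL = 'https://shop.example', FAKE = 'https://shop-login.example';
  const db = new Map();
  const device = createPasskey();
  register(db, 'alice', device.publicKey);
  const c1 = crypto.randomBytes(32); // challenge for a normal login
  const good = signAssertion(device.privateKey, REAL, c1);
  const c2 = crypto.randomBytes(32); // challenge passed along by the lookalike page
  const relayed = signAssertion(device.privateKey, FAKE, c2);
  return {
    serverHolds: db.get('alice'), // all a database breach would expose
    legit: verifyAssertion(db, 'alice', REAL, c1, good),
    phished: verifyAssertion(db, 'alice', REAL, c2, relayed),
    replayed: verifyAssertion(db, 'alice', REAL, c2, good),
  };
}
```

Calling `demo()` shows the normal login verifying, while both the signature made on the lookalike page and an old signature replayed against a new challenge are rejected. The only thing held in the server's database is a public key.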

Although this sort of technology has been around for a while, as is often the case with these things, getting the various interested parties to agree on a single solution has been the barrier to widespread adoption. Microsoft in particular have made headway into this already - many that use Microsoft 365 will have used their passwordless authenticator app to unlock their accounts.

The other thing that often happens with these innovations is Apple comes along a couple of years later, slaps a new name on it and pretends they've invented it, taking all the glory. So it proves again here - they are first out of the blocks with the version they've agreed to implement, and it's included in iOS 16. Microsoft and Google are actively testing their own versions of this, and they'll be included in their various devices and browsers fairly soon.

On the other side of the equation, PayPal is already allowing users in the US to adopt this login method, along with other companies like eBay and WordPress.

Right now, things are a little patchy support-wise, especially if you use multiple devices and they don't all use the same operating system. However, assuming momentum builds around this system, these kinks are likely to be ironed out pretty quickly. The stars do seem to be aligning around this solution. Given the very clear gain it provides, it seems pretty likely that users and businesses will quickly favour this approach. By this time next year, you may never have to remember a password again...