Passwordless Future is Here

Burak Çalık
Published in Macellan
Aug 4, 2022

Hate remembering or managing passwords? Good news: the future is passwordless and it’s already happening. You might be able to go passwordless for some services you already use right now.

Passwordless means you don’t need passwords to authenticate to apps. Instead, users enter their mobile phone number or email address and receive a one-time code or link, which they can then use to log in.

Apple has also added a new service called Passkeys in iOS 16 and macOS Ventura. Passkeys use Touch ID or Face ID for biometric verification, and iCloud Keychain to sync across iPhone, iPad, Mac, and Apple TV with end-to-end encryption.

Passwords Are Vulnerable

Authentication methods that require only username and password are vulnerable. Attackers can guess or steal credentials and gain access to sensitive information and IT systems using a variety of techniques, including:

  • Credential stuffing — using stolen or leaked credentials from one account to gain access to other accounts (people often use the same username/password combination for many accounts)
  • Phishing — using fake emails or text messages to trick a victim into entering their credentials
  • Brute force methods — using programs to generate random username/password combinations or exploit common weak passwords like 123456
  • Keylogging — installing malware on a computer to capture username/password keystrokes
  • Man-in-the-middle attacks — intercepting communications streams (over public WiFi, for example) and replaying credentials

Types of Passwordless Authentication

Passwordless authentication reduces risk and improves user satisfaction. It can be achieved in many ways. Here are a few:

  • Magic links: The user enters their email address, and the system sends them an email. The email contains a link which grants access to the user.
  • One Time Passwords: The user enters their phone number, and the system sends them an SMS. The message contains a one-time password, which grants access to the user.
  • Biometrics: Physical traits, like fingerprint or retina scans, and behavioral traits. Apple’s new Passkeys feature uses Face ID or Touch ID to confirm that it’s you who’s trying to sign in before confirming or denying the request to the app or website.
  • Possession factors: Authentication via something that a user owns or carries with them. For example, the code generated by a smartphone authenticator app, OTPs received via SMS, or a hardware token.

Figure: iOS 16 passwordless login (Image credit: Tom’s Guide)

Is Passwordless Authentication Safe?

There’s no authentication system out there which can’t be hacked. If safe means harder to crack and less prone to the most common cyberattacks, then yes, passwordless authentication is definitely safe.

There is no obvious way to hack it, but it doesn’t mean that the most sophisticated hackers can’t work their way around its defenses.

With that said, passwordless techniques are inherently safer than passwords. For example, to hack a password-based system, a bad actor may use the variety of techniques listed above, like phishing, leaked credentials, brute force, etc. Even amateur hackers can perform these kinds of attacks. Conversely, it takes a significantly higher level of hacking experience and sophistication to infiltrate a passwordless system.

Which Apps Are Passwordless?

“This isn’t a future dream to replace passwords. This is something that’s going to be a road to completely replace passwords, and it’s starting now.”
Kurt Knight, Apple

The future is definitely passwordless and it’s already happening now. We use passwordless authentication in our fintech app Alternatif SuperApp!

We definitely love to try new technologies and tools at Macellan. We try to experience new technologies as early as possible. We are very keen on our R&D studies, so stay tuned for our upcoming posts about Macellan and Alternatif SuperApp!

If you want to know more about us, take a look at Macellan’s Instagram and LinkedIn pages too.

We are always on the lookout for great talent. If you are interested in what we do, check out our career page. You can become a member of Macellan’s Mürettebat too!
