The Password Is on Its Way Out

How many passwords do you have? Likely a lot. Hopefully, each one is strong and unique, with no repeats. However, statistically, that isn’t very likely. Many of us reuse the same, weak passwords, which leaves our digital data vulnerable to hacking. Even if our passwords are cryptographically perfect, phishing tricks too many of us into giving up our precious details.
June 14, 2022
 / 
meritsolutions
 / 
Image

How many passwords do you have? Likely a lot. Hopefully, each one is strong and unique, with no repeats. However, statistically, that isn’t very likely. Many of us reuse the same, weak passwords, which leaves our digital data vulnerable to hacking. Even if our passwords are cryptographically perfect, phishing tricks too many of us into giving up our precious details. There must be a better way.

That’s where passwordless authentication comes in: This new way of thinking suggests passwords are an old-school, outdated way of confirming our identities. Rather than refer hundreds of hard-to-remember passwords, all of which are susceptible to leaks or hacks, some argue an encrypted authentication option, unique for each user and account, is the way forward. If each account is only accessible from the trusted device of the one who owns the account, that account and its contents is much better protected than with a simple password.

Apple’s new ‘Passkeys’ offer users a way out of passwords

Apple rolled out its vision for a passwordless future on Monday, June 6, during its WWDC 2022 event. As part of its announcement of iOS 16, iPadOS 16, and macOS Ventura, the company revealed its plans for Passkey, the password replacement for all Apple customers.

The idea is this: Instead of using a traditional password, passkeys are “cryptographic key pairs,” created using FIDO Alliance and W3C standards. Unlike passwords, these key pairs cannot be guessed, whether by a human or a computer. That alone will put typical hacking methods, like brute forcing, out of commission. These keys cannot be reused, nor can they be weak: Each passkey will be as strong as the last.

Passkeys are also only available on the website or account they were created for: That means phishers cannot trick you into sharing your passkey on a fake website made to look like the real deal. Unless you’re actually signing into the website the passkey is tied to, it simply won’t work. Best of all, passkeys are end-to-end encrypted: Even though they are stored on the cloud, they can only be read by the device you have access to. Without your Face ID or Touch ID authentication, even Apple cannot interpret your passkeys.

When signing into an account on an Apple device, accessing your passkey is as easy as a Face ID or Touch ID scan. However, you can also sign into your accounts on a non-Apple device, so long as your iPhone is nearby. You can use a QR code to authenticate yourself, so your passkeys are always available on any device you use.

Passwordless authentication is the way of the future

Apple isn’t the first to suggest passwords should be a thing of the past. While Apple users will need to wait until the fall to take advantage of Passkeys, Microsoft currently offers ways to “go passwordless,” including using authentication solutions like Windows Hello, the Microsoft Authenticator app, as well as SMS or email codes. Microsoft and Apple will assuredly not be the last to offer you these options, and, when available, you should take them. Authentication protocols like these are much more secure than traditional passwords, and will put a sizeable roadblock in front of would-be hackers.

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.