Is the time of the password finally behind us? For years, cybersecurity professionals and developers alike have been warning of the imminent rise of widespread passwordless login.
So, when Microsoft, Google, and Apple announced their reinvigorated commitment to supporting secure, passwordless login across their channels in May, it signaled to many that now might just be the time that our predictions start becoming reality.
But for those business owners still clinging to the security of their password protection – or those wary about how, exactly, the switch to passwordless is going to work for their team – the mention of forgoing traditional credentials once and for all is likely to muster up more nerves than excitement.
Take it from the experts: there’s no need to panic. Let us walk you through it.
From the EMPIST helpdesk, here’s what business owners should know about passwordless login.
A Brief History of the Password
Obviously, the use of passwords, passcodes, or codewords to protect sensitive information long predates the internet or even computers themselves. However, in today’s digital age, there’s no denying that our collective understanding of passwords is directly tied to our lives online.
The first digital password as we know it is by and large believed to have been invented by MIT computer scientist Fernando Corbató in the 1960s as a way to divvy up users’ private files in MIT’s Compatible Time-Sharing System (CTSS), though in an interview with Wired in 2012, Corbató insisted that others simply must have come first.
What’s odd is that, apart from keeping individual user files separate, this password system didn’t really have much to do with security at all. In fact, the passwords were mostly put in place as a way to ensure that each user was allotted the correct amount of time to use the system without taking up too much storage space. According to the same Wired interview, these passwords themselves were even reportedly hacked by another user in 1962.
His goal? Just to get more time logged in.
All this to say, the reason we use passwords to log in to devices, software, online accounts, and other technologies has a lot less to do with security and a whole lot more to do with development than we might be led to believe.
So, while the idea of passwordless login could seem somewhat unfathomable to modern users, the truth is that passwords themselves aren’t inherently tied to protecting your information online. We don’t use them because they’re the best at keeping our data safe; we use them because they’re what we’re used to.
And frankly, your business deserves a better approach to security than “well, that’s how we’ve always done it,” don’t you think?
Enter: passwordless login.
Passwordless Login, Defined
As we know it today, passwordless login (also known as passwordless authentication) refers to the process of gaining entry to a given digital account without a known passcode. There are many modes of identity verification that fall under the heading of passwordless login – biometric data, hardware tokens, and, to some extent, single sign-on (SSO), among them – but what ties each of these modes together is that there is no character-based password saved in the system that the user is trying to access.
In fact, the process of passwordless login is incredibly varied and innovative. As engineers and business owners look for less-hackable ways to access accounts, they in turn have found more creative ways to validate the identity of online users.
So, How Does Passwordless Login Work?
There are several methods by which a company can achieve safe passwordless login. While you may be familiar with a few of them already (perhaps as one of the steps in your multi-factor authentication protocol), let’s review some of the most common options:
- Biometric Data – Fingerprint scanning, voice recognition, and retina scans are all types of biometric data that software can use to log you into your account. This kind of passwordless login is often praised for its convenience, but as you might expect, it isn’t entirely infallible.
- Hardware Tokens – Though not particularly popular, USB drives, keycards, and other hardware tokens can also be used to log team members in without having to use a password.
- Magic Links – One-time links sent to a separate account have been a standard form of passwordless login for guest users for a while now, but they could soon become your only means of login, too.
- Device Codes – Single-use codes (sent via text, email, or another notification) should be fairly familiar to you by now.
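The single-use property of magic links and device codes listed above, as an added example (not EMPIST's code or any vendor's): the server issues a random token, keeps only its SHA-256 hash with an expiry, and deletes the record on first use. The class name, the 10-minute lifetime, the injected clock and the sample address are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 600  # assumed 10-minute validity window


class OneTimeLoginStore:
    """In-memory stand-in for the server-side table of pending logins."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (user, expiry timestamp)
        self._clock = clock

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Create the token that goes into the emailed link; store only its hash."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (user, expiry)
        return token

    def redeem(self, token):
        """Return the user for a valid token, else None. A token works once."""
        # pop() removes the record on the first attempt, so a replay finds nothing.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user, expires_at = entry
        return user if self._clock() <= expires_at else None


def demo():
    now = [1_000_000.0]  # constructed clock so expiry can be shown offline
    store = OneTimeLoginStore(clock=lambda: now[0])
    t1 = store.issue("alice@example.com")  # constructed sample address
    first, replay = store.redeem(t1), store.redeem(t1)
    t2 = store.issue("alice@example.com")
    now[0] += TOKEN_TTL_SECONDS + 1  # let the second link expire
    expired = store.redeem(t2)
    forged = store.redeem(secrets.token_urlsafe(32))
    return first, replay, expired, forged


if __name__ == "__main__":
    print(demo())
```

Short numeric device codes carry far less entropy than this token, so they also need a cap on failed attempts per code.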
Is Passwordless Login Secure?
While it may seem counterintuitive, the experts at EMPIST are here to tell you that passwordless login is actually more secure than using your standard set of credentials. Because your servers don’t have an actual password to store, hackers don’t have that information to steal. What’s more, because users don’t have a password to memorize, there’s no password for phishers to target. Additionally, properly constructed passwords are often difficult to remember. Going passwordless eliminates any confusion for your users when logging in, reducing the number of times you might have to recover passwords.
Like anything else you do online, there are, of course, limitations to how secure passwordless login can be (there has been a drastic rise in MFA hacks recently, for example), but going passwordless is much safer for your business overall.
Protection That Goes Beyond Passwords
Passwordless or not, you can’t rely on one form of security alone to keep your information safe. EMPIST takes a layered approach to enterprise-level cybersecurity.
We pride ourselves on crafting customizable, complex security systems that actually work for your organization’s needs so that you can rest easy knowing that your data is safe.