Why the password is not dead yet


The second obstacle is even more difficult. Even if all of these are in place, many password-free solutions only work on newer devices and require the possession of a smartphone and at least one other device. In fact, this is a fairly narrow use case.Many people all over the world share equipment and cannot upgrade frequently, or they use Feature phone, if available.

Although passwordless implementations are becoming more standardized, account recovery options are not.When Security Question Or PIN as a backup option, you are actually still using the password, but the format is different. Therefore, the password-less solution is moving towards a system where a device that you have previously authenticated can paint a new device as a trustworthy device.

“Suppose you left your phone in the taxi, but your laptop is still at home,” said Google’s Risher. “You get a new phone and use your laptop to bless your phone, and you can cheer yourself up again. Then when someone finds your lost phone, it is still protected by the local device lock. We don’t want to just transfer the password issue to The account is restored.”

This is certainly easier than keeping track of the backup recovery code on a piece of paper, but it again raises the issue of creating options for people who do not have or cannot maintain multiple personal devices.

With the proliferation of passwordless adoption, these practical questions about the transition still exist.This Password manager 1Password naturally has commercial interests in the continued rule of passwords, and it says it is happy to accept passwordless authentication wherever it makes sense. For example, on Apple’s iOS and macOS, you can use TouchID or FaceID to unlock your 1Password vault without having to enter your master password.

However, there are some subtle differences between the master password that locks the password manager and the password stored in it. The password treasury in the vault is used to authenticate the server that also stores a copy of the password. The master password that locks your vault is your secret; 1Password itself will never know it.

Akshay Bhargava, 1Password’s chief product manager, said that this distinction makes passwordless login, at least in its current form, more suitable for certain scenarios than other scenarios. He also pointed out that some long-term concerns about password alternatives still exist. For example, biometrics are very suitable for identity verification in many ways because they do convey your unique physical presence. However, the widespread use of biometric technology poses a problem: what happens if data about fingerprints or faces is stolen and may be manipulated by an attacker to impersonate you. Although you can change the password as you like (they are the best quality as an authenticator), your face, fingers, voice, or heartbeat are immutable.

It takes time and more experimentation to create a password-free ecosystem that can replace all the functions of passwords, especially an ecosystem that will not leave billions of people without smartphones or multiple devices behind. In a passwordless world, it becomes more difficult to share accounts with trusted people, and all content is tied to a device (such as your mobile phone), which creates a greater incentive for hackers to invade the device.

Until the password disappears completely, you should still follow Recommendations that WIRED has been pushing for years Regarding the use of strong and unique passwords, password managers (with Many good choices), with Two-step verification anywhere is fine.But when you see opportunities without passwords on some of the most sensitive accounts, such as When setting up Windows 11, Give it a try. You may feel that you don’t even know the weightlifting there.


More exciting connected stories

.

Leave a Reply

Your email address will not be published. Required fields are marked *