Passwordless Authentication

Recently I frequently met discussions about passwordless authentication: is this myth finally becoming reality? It is at least 20 years that we have been discussing and announcing the demise of passwords.

Passwords can be substituted by biometrics, but also hardware tokens (eg. security keys), smartphones etc. together with authenticator apps, single-sign-on, identity federation and so on.

Is this enough to get rid of passwords?

Well, passwords are very cheap to manage and very scalable, well known, used and abused, possible to forget but not to break down or to be physically lost or stolen. And most systems will still use passwords / PIN codes as backup.

Already today access to most personal devices (smartphones, tablets, portables etc.) is passwordless, usually by biometrics, with password as backup. But this is very local to each personal device and it seems difficult to scale it up to all systems and applications.

So where do we really stand on the way to “passwordlessness”? How and when will we get there?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.