Will Passwords Soon Be a Thing of the Past?
Most organizations and individuals rely on passwords to authenticate access to computer systems and electronic information. Passwords are a risky proposition, however, because 1) people have trouble remembering multiple passwords and often reuse the same passwords across services; and 2) threat actors can guess weak passwords. According to one source, about 80% of successful attacks (resulting in account takeovers, data breaches, and stolen identities) occur through weak, easily guessed, or stolen passwords.
“Passwordless Sign-Ins” on the Horizon . . .
Mindful of the ongoing risks associated with passwords, on May 5th Apple, Google, and Microsoft announced plans to support a “passwordless” sign-in standard. This standard, created by the FIDO Alliance and the World Wide Web Consortium, will allow users to sign in via the same action they use to unlock their smartphones, such as fingerprint or face verification, or a device PIN. Some companies (including Apple, Google, and Microsoft) already offer some forms of passwordless sign-in, and according to the announcement those sign-ins will soon become more seamless and secure.
In addition, Apple announced at its WWDC 2022 that it plans to launch passwordless logins in September of 2022.
In the Meantime . . .
Most of us will likely continue to use passwords for some period of time, as passwordless sign-in or other alternatives are adopted and refined. Consider one or more of the following to limit risk as you employ passwords:
- Use strong, unique passwords or passphrases for all accounts. Strong passwords (ones that contain more and different characters) are harder to guess. Consider using a password manager as one way to reduce the fatigue of remembering so many login credentials. To learn more about password managers, watch this video;
- Implement multifactor authentication (MFA), especially for remote access. Enabling MFA requires a combination of two or more authenticators to verify your identity. Using MFA is crucial when a password has been compromised, for example following a successful business email compromise (BEC) scheme;
- Be skeptical, and train those in your organization to be skeptical. Never click links or open attachments in emails or texts that appear to come from your employer, bank or any other institution. Always log in to your accounts directly.
For more, see Essential Computer Security Tips for All Businesses and Employees.