Although the use of passwords to authenticate information on the Internet is quite traditional, technology companies have been developing several solutions to try to put an end to “passwords”. The consensus is that computers and systems will still use code for a long time as a form of authentication, but users will probably not need to enter a password manually to log in.
The alternatives underway involve applications such as password generators, which automatically create, store and fill passwords; new means of verifying biometrics and the use of physical devices when logging into an online account – sometimes a solution may involve all methods at once. Here are six technologies that can replace passwords the way we know them.
1. Authentication Applications
Application-shaped authentifiers are already starting to replace passwords. Since 2018, Microsoft allows you to use Microsoft Authenticator to log in to company services without having to type codes. The feature needs to be configured only once to allow new entries just by clicking on a notification that pops up on the phone – which is already protected by digital scanning or face scanning.
A similar feature is already used by Google, Apple and other companies when two-step verification is enabled, but for now, only the Windows manufacturer allows you to use this feature without typing any passwords. Authentication apps are still compatible with few services – Microsoft’s only allows you to log into the company account and Office. If the trend spreads across the industry, passwords may soon give way to the smartphone.
2. Password Managers
Password managers like LastPass and 1Password can bypass the limitations of compatible services because they usually work with any website: they create strong passwords automatically, save the codes in the cloud and fill in login forms without typing anything. However, in general, they still require the first login with a master password that the user needs to remember.
This may change with the evolution of managers built into mobile operating systems. Android 10 and iOS 13 already automatically fill in passwords and delete the first login as the user can authenticate to the phone with biometrics. On the other hand, these solutions still do not offer an automatic password generator, which still forces the user to think about their own codes before recording them in the digital vault.
3. Business Protocols
Initiatives to eliminate passwords in the business environment are more advanced. Some corporate networks already integrate identity servers with service providers so that a single authentication releases all the programs the employee is entitled to without the need for multiple logins.
What still changes is the way each company allows login. In general, eliminating passwords completely means offering computers with a digital reader or infrared camera for facial recognition. Another solution is the Azure Active Directory, from Microsoft, which allows you to use the Authenticator app for the first entry into the systems: the user enters an email on the web and confirms the identity by clicking on a notification on the smartphone to proceed.
Biometrics is widely used as a safe way to eliminate passwords, but the creators of the FIDO2 standard argue that the solution is not enough. The danger lies in exposing biometric data: fingerprints, face, and iris are on display all the time and can be stolen using the most advanced technologies. Moreover, in the case of account intrusion, the user cannot change the biometrics as he already does with a leaked password.
The idea of FIDO2 is to get around the problem by combining a physical key, biometric identification, and information that only the user can know, like a password or phrase, to make the process more secure. The compatibility of this type of service is still restricted, but it is already available in the market in the form of devices such as Yubikey 5, compatible with computers and mobile phones through USB, Lightning or NFC.
5. Continuous multi-factor authentication
The United States Department of Defense has been working on a login technology that involves continuous identity verification. Instead of just checking in, the system intends to maintain constant monitoring of user behavior to make sure it is the same person throughout the entire session.
The feature would use sensors and algorithms to track unique features other than digital, face or iris: for example, how you slide your finger over the screen and how you hold the phone in your hands. Combined with nearby Wi-Fi and Bluetooth signals, among other factors, the technology could identify someone by context, without typing passwords.
6. Brain and DNA biometrics
DNA biometrics can also replace passwords. Countries such as Estonia are expanding genetic analysis programs as a means to prevent disease, in an initiative seen as the first step towards using the technology as biometric authentication. But the alternative still does not eliminate a weakness in biometrics: if a hacker hacks a server and steals the biometric pattern, the user cannot change it as a common password.
This is where a new type of biometrics called “brain password” comes in, which consists of a code created from brain waves generated by viewing a set of images. The solution would be difficult to implement because it would need a brain scanner installed in the computer, but it would be hacker-proof: in case of invasion, the user could reset the password by viewing a new set of images.