Is it time to say goodbye to passwords? Regardless if you are a user or a developer, you’ve likely heard of the advent of passwordless authentication. As a developer myself, I’ve been motivated to include it as a secondary option in my projects for months. The first OwnID Passwordless Authentication Report was just released, so let’s take an in-depth look at why and how the world of authentication is changing.
The history of passwords
Passwords may seem recent and tightly connected to the technological world, but they are actually far older. What we call authentication today existed since ancient times. Spies needed to identify themselves and only specific groups were allowed access to places. To prove their identity, they would provide a password. Records show that these passwords have been used ever since Ancient Rome, but they likely date back even further because they are a straightforward solution to many potential problems.
With the advent of computers and the need for privacy that came with it, there was still a need to define a way to authenticate a person. This was decided in the 60s, a long while before the popularization of computers, when MIT’s Compatible Time-Sharing System project (widely regarded as the first general-purpose operating system) needed a way to authenticate different users to match them to their private files. Fernando José Corbató, the man credited for this decision, said in an interview it was a very straightforward solution since it was one lock per user with a predefined password only they know.
The History of Passwords
In 1961 a Project Lead at MIT, Fernando Corbató introduced the first computer password to the Compatible Time Sharing System (CTSS). This allows multiple people to use the machine with their files privately accessible.
A breakthrough of its time. pic.twitter.com/87ejuSGxNc
— Hitachi Security Business Group (@HitachiSBG) June 10, 2022
More than half a century later, we still use a similar password system, but real-world identification has changed a lot since Ancient Rome. Today, passwords are almost never used in real-world situations. This is why there’s a growing discussion on whether or not we should move on from passwords digitally. After all, passwords can be easily guessed, brute-forced, or stolen through various means, including phishing scams, hacking, or malware infections. What is for sure is that passwords aren’t the best security system and it is quite possible that yours too were compromised.
Going passwordless any time soon?
While attempts on making authentication safer have been going on for years with systems such as two-factor authentication, more recently a different approach has been taken. This approach is safer and more convenient. Users don’t have to remember a lot of passwords or rely on a password manager.
This approach is called passwordless authentication. Companies such as OwnID have emerged and offer it in both biometric and hardware ownership-based methods. OwnID specifically is a provider of a system to connect the phone fingerprint scanner to authenticate you on any device. They recently compiled a report on the progress of the passwordless industry and its usage.
What do the trends for passwords look like?
According to the report, 2022 marked a big year for the rise of this technology. Giant tech companies such as Samsung, Apple, and Google adopted the passwordless concept in the past year. Users themselves proved it a worthwhile adoption as 25.8% of new accounts and 35% of existing ones opted for passwordless.
Initially, I had a concern that compatibility might be an issue since not everyone might have a device that supports fingerprint scans. However, statistics prove that this is not a problem as over 75% of users now have compatible devices. This trend is expected to continue growing.
Finally, the report goes into the business side of things, estimating potential increases in revenue from this technology. According to the statistics of incomplete registrations, error-related logins, and password resets, it takes a big enough chunk of potential customers away. The report takes the example of one of the OwnID retailers. Assuming just 20% of these users actually go through with the purchase without these issues, their estimated increase in revenue would be over $700k.
So is it goodbye to passwords?
Passwords won’t disappear completely, but eventually, passwordless authentication will take over. Personally, I will continue to include both types of authentication in my projects. The mentioned big companies like Google seem to be on the same accord, for the time being.
Photo credits: The feature image is symbolic and has been taken by Cleyton Ewerton.