Passwordless logins boost security for device and account access

With the increasing digitization of services across multiple industries, large corporations are pushing for new security measures to keep their customers’ documents and sensitive information secure. Among these measures are passwordless logins, with new authentication methods adding an extra layer of data protection.

The transition to passwordless logins is undeniable, with approximately 60% of large and global enterprises and 90% of midsize enterprises predicted to adopt passwordless methods in at least 50% of use cases, according to a recent Gartner study. This comes as no surprise, as security problems associated with password-only authentication are among the digital world’s biggest vulnerabilities. Consumers are often tempted to reuse passwords across different services due to the difficulty of managing so many passwords.

In the past, users had to manage, store and remember multiple passwords for many accounts. This is not only a burden to them, it has significant security ramifications. To address these, tech giants are supporting a revolution to eliminate passwords. Combined efforts by Apple, Google and Microsoft have led to the advent of passwordless logins. Users are now able to use their smartphones to authenticate sign-ins, and the system is expected to unlock access across different platforms.

Google encourages everyone to use a passwordless setup for services like its own Gmail, Google Drive and Google Docs by providing access to email and online storage with a two-factor authentication system that requires only a phone number to log in securely. Microsoft has adopted a similar approach through its Microsoft Authenticator App, granting users access to Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety and more. And Apple’s iOS 16 and macOS Ventura allow users to sign into apps and websites through “passkeys” replacing the traditional password.

As we witness the rise of passwordless security on more and more of the devices and systems we use day-to-day, we must also consider the challenges. With greater technological advancements, there are even more advanced hackers that can breach and access our sensitive information and accounts if our passwordless authentication is not implemented and secured correctly.

Let’s look at the pros and cons of passwordless logins and what they mean for the future management of our accounts and data protection.

Different forms of passwordless access

Google’s claim for the future of cybersecurity is that there will be advancements in authentication and verification technology that will completely transform the way users log in to their accounts, making passwords obsolete. These emerging technologies will seamlessly connect and integrate our content wherever we are.

One clear example is biometric authentication, a process that uses physical or behavioral characteristics to identify an individual. Fingerprints, facial recognition and voice recognition are all examples of biometric authentication. These methods are more secure and personal than passwords, and they’re becoming increasingly common in the business world. Two of the main reasons for their increasing adoption are:

Strengthening security measures

Biometric authentication offers an extra layer of protection over traditional methods such as passwords and PINs. As it’s tough to hack a person’s biometric data, biometric security doesn’t compromise privacy and is proven to be more reliable to protect sensitive data.

Reducing identity theft

The verification process behind biometric authentication is extensive and accurate, allowing only the right people access to the right accounts. This method alone noticeably reduces criminal activity, making it a greater challenge for even the most experienced hackers to crack.

As with biometric authentication, passwordless logins provide several advantages:

• Ensuring secure access to devices and data
• Preventing unauthorized access to devices and data
• Reducing the risk of data breaches
• Protecting against identity theft
• Reducing the time it takes to access information or resources

The struggle against passwords

As convenient and accessible as passwordless logins may sound, we still have to ask ourselves: Just how secure is our access to our accounts? After all, any security measure is only as strong as its weakest link.

Phishing, one of the most famous hacking methods, consists of tricking people into giving out sensitive information, usually resulting in unauthorized access to accounts. This is often accomplished via sophisticated emails with malicious links. As a security measure, users are now opting for hardware keys to secure their passwords (yes, traditional passwords) and grant themselves access to their accounts and services individually. These keys are plugged into a USB slot and automatically unlock the system. They can’t be used unless plugged in, preventing any potential hacking by phishing.

Passwordless login may have both pros and cons, but the future is clear: It will be the default method for accessing our devices and accounts. But just how far will it go? Will we one day be able to simply walk up to a computer or phone and have it automatically recognize us?

Regardless, we won’t need to remember passwords anymore.

Jan Lunter is founder and CEO of Innovatrics.