Will physical security keys kill off need for passwords?
In 2012, Wired‘s Matt Honan wrote about the disastrous consequences of tying your entire digital life to a string of letters, digits, and symbols. Honan is just one of countless people whose online accounts were hijacked after hackers discovered their passwords; the list of victims also contains high-profile tech executives, including Mark Zuckerberg.
The need to replace passwords with more secure and reliable methods has been discussed at length. As recently as last month, the United Nations accidentally revealed employee passwords on publicly shared Trello boards and in Google Docs. Even Facebook’s recent hack was related to poor password-based authentication systems. And billions of stolen passwords are changing hands in dark-web markets.
“The vast number of passwords needed in our daily lives have become a burden, which is why we see so many reused or weak static credentials,” says Stina Ehrensvard, CEO and Founder of Yubico, which manufactures physical security keys like the Yubikey 5 NFC. “We needed to think about how to address this problem in a way that simplifies the login process while adding the highest level of security. Up until now, there hasn’t really been a way to do both of those things successfully.”
And while alternatives such as biometric authentication technology have become more widely available on mobile devices, password entry remains the ubiquitous feature that all devices support. Removing it would prevent many users from accessing those services.
Lack of standards also makes it hard to move away from passwords. The overhead cost of adding support for dozens of different authentication technologies in client applications and backend servers is something that most organizations could not bear.
And of course, there’s always the human factor. “Some companies and individuals continue to believe that they won’t be affected by cyber attacks and that they are not of interest to cybercriminals. A lack of desire and resources to change existing solutions is hindering adoption of new passwordless authentication solutions,” says Alex Momot, CEO of REMME, a startup developing a decentralized authentication system. Read more
