Passwords suck. They’re the root cause of 81% of data breaches, but due to the dizzying number of online accounts people have, 65% of us still reuse them.
But guess what? Apple, Google, and Microsoft will roll out no-password login options over the coming year, per the Fast Identity Online (FIDO) Alliance, which sets standards for passwordless authentication.
Instead of using a password, you’ll sign in with your smartphone or other devices, similar to 2-factor authentication. The underlying method is called “public key cryptography.”
Let’s say you decide to create an account with your favorite online retailer, CuteKittySocks.com.
When you register, a key pair is made: a public key shared with CuteKittySocks.com, and a private key that stays on your phone.
Keys are just big-ass connected numbers. For example, a private key could be 2 long prime numbers, and a public key would be what you’d get if you multiplied them.
But you won’t see these digits. You log in the same way you unlock your phone (e.g., entering a PIN or scanning your fingerprint). Your phone verifies with CuteKittySocks.com that you have the right key and, meow, you’re in!
… someone steals your phone? They’d still need to complete the challenge, meaning they’d need to know your PIN or have possession of your finger.
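Here is the login flow described above as a small sketch. It is an added example, not code from FIDO or any vendor. It uses toy-sized textbook RSA to mirror the "two primes multiplied" description, and all function names are made up for illustration; real passkeys use standardized algorithms and much larger keys.

```python
import hashlib
import secrets

# Two well-known Mersenne primes stand in for the "2 long prime numbers".
# Toy sizes chosen for readability; real keys are far larger and padded.
P = 2**31 - 1
Q = 2**61 - 1
E = 65537  # conventional public exponent

def make_key_pair(p=P, q=Q, e=E):
    """Registration: return (public, private). Only `public` leaves the phone."""
    n = p * q                           # public modulus: the primes multiplied
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent, derived from the primes
    return (n, e), (n, d)

def _digest(challenge, n):
    """Hash the challenge and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % n

def device_sign(private, challenge, user_verified):
    """Phone side: the key is used only after the PIN/fingerprint check passes."""
    if not user_verified:
        raise PermissionError("local unlock failed; private key not used")
    n, d = private
    return pow(_digest(challenge, n), d, n)

def server_verify(public, challenge, signature):
    """Site side: check the signature using only the stored public key."""
    n, e = public
    return pow(signature, e, n) == _digest(challenge, n)

def login_demo():
    public, private = make_key_pair()
    challenge = secrets.token_bytes(32)            # fresh random challenge per login
    signature = device_sign(private, challenge, user_verified=True)
    accepted = server_verify(public, challenge, signature)
    # A captured signature replayed against a new challenge must fail.
    replayed = server_verify(public, secrets.token_bytes(32), signature)
    return accepted, replayed

if __name__ == "__main__":
    print(login_demo())
```

The site never holds anything that can produce a signature, so a breach of its database leaks only public keys.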
Meanwhile, your keys are backed up on the cloud, so you can store them on multiple devices in the event one is lost or damaged, or transfer them to new ones. Other benefits:
However, there are still hurdles. Not everyone has a smartphone or device new enough to adopt passwordless logins.
And one survey found that while 85% of respondents wanted to use fewer passwords, 72% believed others would stick with passwords because they’re familiar.
Fun fact: A recent survey by digital safety platform Aura found 39% of US pet owners have used their pet’s name in a password — 48% of whom have also posted their pet’s name online.