You lightly place your thumb at the bottom of your phone screen and, lo and behold, it’s unlocked instantly. So why can’t we do the same at the bank or when logging in to Twitter or YouTube? Well, soon we’ll be able to do it all. The passwordless future is inevitable and it's almost here.
At NordPass, we’re thrilled to be creating a passwordless future. But what is passwordless authentication? How does it work? Let’s answer these questions.
Why should we consider going passwordless?
Year after year, we see either “123456” or “password” top our Most Common Passwords List. Millions of people reuse absurdly simple passwords across multiple platforms, even though they are very easy to crack by using a dictionary or brute force attacks. It makes passwords (and the people using them) one of the weakest links security-wise in any company or service.
Weak passwords are just part of the problem. The way we treat passwords is an issue as well. One of the worst password sins that all of us can attest to is reusing passwords. Having a single password to secure multiple accounts is a huge security risk, to put it mildly. In such instances, a single compromised account indicates that all of the user’s accounts are essentially compromised as well.
The solution lies in biometric authentication and passkeys, which combined become one of the safest and smoothest passwordless authentication options available.
Passkeys: The key to passwordless authentication
In an age where technology usage continues to rise, the need for secure and efficient authentication methods becomes all the more pressing. Passwords, which have long reigned supreme as a solution for securing online accounts, have over time proven to be unreliable and susceptible to hacking. In turn, many organizations and companies have been looking for new, more efficient, and robust ways to authenticate users.
One organization at the forefront of the effort to go passwordless is the FIDO Alliance. The alliance works with various companies, including NordPass, to develop and promote open standards for passwordless authentication.
According to the FIDO Alliance, the technology set to replace passwords is passkeys. Passkeys are digital credentials that are generated by the user's device. Usually used in combination with biometric data, such as a fingerprint or facial recognition, to offer an extra layer of security, passkeys provide access to websites and other online services.
What passkeys bring to the table
One of the major advantages of passkeys is that the private key, which is used to generate the passkey, never leaves the user's device. This makes it almost impossible for attackers to gain access to the key through phishing or other forms of cyberattack. Furthermore, passkeys are almost impossible to hack, making them more secure overall.
Unlike traditional passwords, passkeys are invisible to the user and are never revealed or entered manually.
Going passwordless will also improve user experience. A fingerprint scanner, for example, is a fast and reliable authentication method. It would also mean that there would be no more password reset procedures — IT departments throughout the world will be very grateful. Also, when it comes to biometric authentication, you don’t need to remember anything. You won’t have any Post-its on the computer screen or notes in your planner. You can’t lose, steal, or forget your fingerprint.
Room for improvement for current passkey-based authentication
The passwordless revolution is not a pipe dream – we’re on the cusp of it. The FIDO Alliance is already making it a reality.
Just last year Microsoft announced that they will be integrating a passkey manager into Windows 11, a major move towards the passwordless future. Not to be outpaced, Google announced the support for passkeys for Google accounts in May 2023.
There’s also Apple. With the release of iOS 17, iPadOS 17, and macOS Sonoma, Apple ID users will have automatic passkey assignment. This feature even extends to third-party apps and websites that support “Sign in with Apple.”
And while the revolution is already in motion, the road to a passwordless future is not without its bumps. Passkeys, while promising, are not yet universally supported across all platforms and services. They are also device-specific, which means a passkey registered on one device may not work on another. This could pose a challenge for users who frequently switch between devices.
However, the tech industry is actively tackling these issues. Apple is introducing an API that will allow third-party apps to manage passkeys, potentially solving the device-specific limitation. The same goes for other tech giants, which essentially means password managers like NordPass will be able to offer passkey management across multiple devices, making the transition to a passwordless future seamless for users.
Introducing passwordless authentication to NordPass
At NordPass, we’re excited to be at the forefront of the passwordless revolution. And twice as thrilled to let you know that we're already supporting passkey storage as well as we’re working on passwordless access to the NordPass app.
Passwordless access to NordPass
We are currently working on enabling a passwordless sign-in to NordPass. It will be a faster and simpler process than the one now, since it will require a single biometric confirmation. In simple language, this means that you will be able to access your Nord Account and NordPass with a single tap of a finger. Passwordless access to NordPass is set to significantly improve user experience and overall security.
NordPass Passkey Holder
All NordPass users have the ability to save passkeys for any website or app in the encrypted vault and use them to access those online services later. With NordPass, you can safely share, and sync passkeys between multiple devices and platforms, whereas many passwordless authentication solutions tend to lack such functionalities. This makes NordPass a single place for all of your digital valuables, including passwords, passkeys, credit cards, and other sensitive information.
Passkey integration for online service providers
The world is already moving rapidly towards a passwordless future. Unfortunately, not everyone can adapt smoothly and efficiently. Many small to medium-sized businesses (SMBs) lack the resources and know-how to implement passkey authentication for their users. However, at NordPass we’re ready to leverage our security expertise to make the transition from passwords to passkeys as smooth as possible. We believe that the frictionless user experience offered by passkeys across multiple platforms and devices, combined with superior security, will help your business increase conversion rates, user engagement, and user satisfaction.
You can expect big things. So stay tuned, and be prepared for the inevitable passwordless future – it’s just around the corner.