Passwords could soon be a thing of the past

I type in a password to open my phone, then another to access my work email. The first message I read has me keying in another password to access one of the many applications that help me do my job and run my life. On and on, I go, throughout the day, typing in different passwords – when I remember them.

Like many others, I have begun to experience password fatigue: a kind of energy-depleting exasperation felt by those required to recall and retype an excessive number of them daily. This situation worsened during the pandemic. As online subscriptions increased, so did the number of passwords per person.

Apple, however, has given me hope. Earlier this month, the tech giant announced that it will be ending passwords, providing a biometric alternative for all its popular devices. This isn't just facial recognition to open the phone; the new tech will also allow us to access password-protected websites using our faces or fingerprints. This is a game-changer that will leave many of us passwordless.

I won't be sad to see passwords fade. They've had their day. This method of identity authentication is ancient. Sometimes known as watchwords, the military has used them throughout the ages to differentiate friend from foe. They are even mentioned in the bible. The Book of Judges, for example, describes a situation where giving the correct password could mean the difference between life and death. Similarly, the Middle Eastern classic, One Thousand and One Nights, introduces us to Ali Baba and the magical password "iftah ya simsim", or "open sesame".

The information age, however, has seen passwords proliferate along with our internet use. Passwords have become the doormen at the entrance to our digital devices, the gatekeepers to our online lives. Some people dislike the minor inconvenience they impose and opt for short, weak, but highly memorable passwords, like qwerty, 111111 or 12345. However, the rise in cybercrimes, particularly identity theft, forced many people to rethink such easily breached defences.

Keeping our information safe has called for more stringent password protocols. Many accounts now insist that passwords are of a certain length and contain upper and lower-case letters and at least one special character (!@$). We are also discouraged from using passwords that are easy to guess, such as family members' names and years of birth. Some workplaces even mandate that we change our passwords monthly. Finally, we're strongly discouraged from using the same password across multiple accounts. In short, this is a lot. Effective password management is demanding, especially if we follow the letter of the law, which most people don't. According to industry reports, 123456 remains one of the most common passwords in use.

It is with hope and optimism, then, that I greet Apple's plans to end them. The new software (iOS 16 and macOS Ventura) that will help replace passwords is scheduled for autumn 2022. This update will allow iPhone, iPad and Mac users to log into various online accounts without typing in the old alpha-numeric passwords. The principle is simple. Apple will replace something we know – the password – with something we have: fingers (Touch ID) and faces (Face ID). Passwords are forgettable; fingers and faces aren't. I can guess your password, but I can't replicate your face.

The new technology, "Passkeys", will be an alternative to passwords, not a direct replacement. Not yet anyway. Other tech giants, Google, Microsoft and others, are also onboard and have similar passkey plans.

Increasing adoption of subscription services is leading to confusion around passwords. AP

However, if traditional passwords are going to be replaced, all this new tech needs to work seamlessly. It will also need to be platform and device-independent. For example, I must be able to use my Apple iPhone Passkeys to open my Gmail or Windows accounts. Suppose there are too many glitches or that it is too restrictive. In that case, people will quickly revert to type.

It's bad enough when we forget a password; imagine the level of frustration we might feel if facial recognition fails. Typing an invalid password is one thing but having an invalid face or finger is another.

Another factor that will influence the uptake of passwordless options is trust. Initially, some people won't be comfortable sharing their biometrics, their fingerprints and faces. So the passwordless options will need to earn our trust. They will have to demonstrate that they are safer – more difficult to hack – than the traditional password systems. Many people will also need explicit assurances that biometric data will never be shared or repurposed without consent.

A research study by the security firm Yubico in 2019 examined the password-related behaviours of over 1,700 information technology professionals in Europe and North America. On average, these employees spent 12.6 minutes every week entering or resetting their passwords. That's around 10 hours per year. So if Apple's new Passkeys work well, it will be a massive win, especially for those of us who routinely forget and reset our passwords.

Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.

Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.

“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.

Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.

“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.

Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.

From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.

Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.

BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.

Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.

Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.

“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.

Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.

“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.

“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”

The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”