Passwords could soon be a thing of the past

Biometric data is likely to underpin the security of our digital devices in the years ahead

Apple's new iOS 16. EPA
Powered by automated translation

I type in a password to open my phone, then another to access my work email. The first message I read has me keying in another password to access one of the many applications that help me do my job and run my life. On and on, I go, throughout the day, typing in different passwords – when I remember them.

Like many others, I have begun to experience password fatigue: a kind of energy-depleting exasperation felt by those required to recall and retype an excessive number of them daily. This situation worsened during the pandemic. As online subscriptions increased, so did the number of passwords per person.

Apple, however, has given me hope. Earlier this month, the tech giant announced that it will be ending passwords, providing a biometric alternative for all its popular devices. This isn't just facial recognition to open the phone; the new tech will also allow us to access password-protected websites using our faces or fingerprints. This is a game-changer that will leave many of us passwordless.

I won't be sad to see passwords fade. They've had their day. This method of identity authentication is ancient. Sometimes known as watchwords, the military has used them throughout the ages to differentiate friend from foe. They are even mentioned in the bible. The Book of Judges, for example, describes a situation where giving the correct password could mean the difference between life and death. Similarly, the Middle Eastern classic, One Thousand and One Nights, introduces us to Ali Baba and the magical password "iftah ya simsim", or "open sesame".

The information age, however, has seen passwords proliferate along with our internet use. Passwords have become the doormen at the entrance to our digital devices, the gatekeepers to our online lives. Some people dislike the minor inconvenience they impose and opt for short, weak, but highly memorable passwords, like qwerty, 111111 or 12345. However, the rise in cybercrimes, particularly identity theft, forced many people to rethink such easily breached defences.

Keeping our information safe has called for more stringent password protocols. Many accounts now insist that passwords are of a certain length and contain upper and lower-case letters and at least one special character (!@$). We are also discouraged from using passwords that are easy to guess, such as family members' names and years of birth. Some workplaces even mandate that we change our passwords monthly. Finally, we're strongly discouraged from using the same password across multiple accounts. In short, this is a lot. Effective password management is demanding, especially if we follow the letter of the law, which most people don't. According to industry reports, 123456 remains one of the most common passwords in use.

It is with hope and optimism, then, that I greet Apple's plans to end them. The new software (iOS 16 and macOS Ventura) that will help replace passwords is scheduled for autumn 2022. This update will allow iPhone, iPad and Mac users to log into various online accounts without typing in the old alpha-numeric passwords. The principle is simple. Apple will replace something we knowthe password with something we have: fingers (Touch ID) and faces (Face ID). Passwords are forgettable; fingers and faces aren't. I can guess your password, but I can't replicate your face.

The new technology, "Passkeys", will be an alternative to passwords, not a direct replacement. Not yet anyway. Other tech giants, Google, Microsoft and others, are also onboard and have similar passkey plans.

However, if traditional passwords are going to be replaced, all this new tech needs to work seamlessly. It will also need to be platform and device-independent. For example, I must be able to use my Apple iPhone Passkeys to open my Gmail or Windows accounts. Suppose there are too many glitches or that it is too restrictive. In that case, people will quickly revert to type.

It's bad enough when we forget a password; imagine the level of frustration we might feel if facial recognition fails. Typing an invalid password is one thing but having an invalid face or finger is another.

Another factor that will influence the uptake of passwordless options is trust. Initially, some people won't be comfortable sharing their biometrics, their fingerprints and faces. So the passwordless options will need to earn our trust. They will have to demonstrate that they are safer – more difficult to hack – than the traditional password systems. Many people will also need explicit assurances that biometric data will never be shared or repurposed without consent.

A research study by the security firm Yubico in 2019 examined the password-related behaviours of over 1,700 information technology professionals in Europe and North America. On average, these employees spent 12.6 minutes every week entering or resetting their passwords. That's around 10 hours per year. So if Apple's new Passkeys work well, it will be a massive win, especially for those of us who routinely forget and reset our passwords.

Published: June 28, 2022, 4:00 AM
Updated: June 06, 2023, 11:31 AM