ST. LOUIS– Hate trying to keep track of all your passwords? They may be a thing of the past in the future. Advances in biometrics, multifactor authentication (MFA), and other technological advances are slowly making them unnecessary.
Scott Schaffer, Chief Information Security Office with Blade Technologies, explains in the late 1990s early 2000s, a 6-8 character password was all that was needed to protect a system. He says it could take years to crack a password of that length. There are now more powerful computers and more advanced algorithms that can crack an eight-character password in less than three hours.
Schaffer says more recently he has advised clients to use a password manager and have a longer, more unique password for each website. However, he says the more powerful computers that are around the corner won’t be enough for a 12-15 character password.
So what does a world without passwords look like? Schaffer points to a future with Fast ID Online version 2 or FIDO2.
The technology allows individuals to use a digital unlock system, such as Face ID or Touch ID on a smartphone, or a voice or PIN on a device to authenticate users. The framework works across Windows, Mac, and Android. This will only have to be done once.
After your device has been authenticated, a private cryptographic key stored in the machine’s Trusted Platform Module (TPM) ‘handshakes’ with a public cryptographic key used for a website or application.
Schaffer says the technology makes it possible to use a smartphone or security key device to log into sites and transact without ever entering a password because no password exists.
The TPM is a physical chip on the main board of your device. The TPM chip cannot be modified and is not accessible outside of the device it is on. That means even if the chip is pried off you are protected.
All the major players in the tech industry have signed onto the concept but the migration to the passwordless future won’t happen overnight.
Schaffer says though it is not a question of whether its coming, more of when.