5 Pros & Cons of a Future Without Passwords
At long last, the technology needed to eliminate passwords has arrived. Many security experts believe a passwordless future is inevitable, but will this freedom from passwords be as great as we think? To find out, we took a closer look at the pros and cons of a future without passwords.
What a passwordless future looks like
The first thing that usually comes to mind when thinking about the future of passwords is biometric methods like fingerprints and facial recognition that have already relieved us from password creation, memorization, and storage for mobile device access. This technology will be just one facet of the future without passwords that will also include things like hardware tokens, passkeys, and other FIDO-based methods.
Want to learn more about using Dashlane Password Manager at home or at work?
Check out our personal password manager plans or get started with a free business trial.
What is passwordless authentication?
Traditional authentication methods typically include something you know, like a password or the answer to a security question. Passwordless authentication replaces this requirement with something you have or something you are. For example, a passwordless login might use biometric methods, one-time passcodes (usually sent through text, app, or email), physical security keys such as USB sticks, or passkeys. Based on public-key cryptography, passkeys allow a service provider or website to communicate directly with your device by exchanging mathematically related keys.
What is FIDO-based authentication?
The Fast Identity Online (FIDO) Alliance has been working on standards and technologies that enable a future without passwords since 2013. In fact, FIDO-based authentication is already available on most devices, such as mobile phones, tablets, and laptops. Passkeys are the latest iteration of FIDO-based authentication, allowing users to sign in on any device that has the key synced to it.
Want to learn more about passkeys? Check out our passkey page for resources and more information on this new login technology.
3 pros of a future without passwords
Given that the average person has over 240 online accounts, the pros without passwords can be very impactful. While our daily routines will be simplified, a passwordless future brings other benefits that include:
- Improved user experience: The simplicity of biometric methods and passkeys will save us time and make it more enjoyable to navigate between websites and apps without continually re-entering account credentials.
- Heightened security: With 81% of hacking-related breaches leveraging weak or stolen passwords to gain unauthorized access, reducing the use of traditional passwords will have a positive impact on cybersecurity. Significant security improvements are expected to include:
—A reduction in brute-force attacks. Hacking tactics based on inputting software-generated user credentials over and over until a matching account is found will not work in passwordless situations.
—Less credential stuffing. The automated insertion of stolen usernames and passwords to fraudulently gain access to user accounts will not be possible for passwordless authentication.
—Less value for credentials on the dark web. The darkest recesses of the internet might continue to be a haven for the buying and selling of stolen information, but user passwords will be less of a hot commodity. - Reduced overhead for IT: Passwordless authentication will reduce the time IT teams spend helping employees reset passwords and recover account access. For example, if a Dashlane user loses their device, they can use a recovery key or another device that’s logged in to Dashlane to restore access.
Passwordless authentication will reduce the time and money spent on password management and password resets.
2 cons of a future without passwords
New technologies often bring many benefits, but most also come with a few drawbacks and challenges. Passwordless authentication is no exception. Here are a few of the cons without passwords:
- Device dependency: Passkeys and other emerging passwordless login methods require a specific, approved device to be used for authentication. This can become an inconvenience if the device is lost, forgotten, or otherwise unavailable. Authentication that is device-dependent might also limit the options for device types and operating systems that can be used.
- User hesitancy: Resistance to change is another common factor for any major technology shift. Most people grew up using passwords, and while they may occasionally be annoyed by them, they accept them as part of daily life. Some computer users are suspicious about biometric information being shared with unknown entities, and the less tech-savvy among us might find a change to passwordless methods a bit unsettling.
What a passwordless future means for individuals
The passwordless future is already here, with biometric authentication leading the way. Smartphones use this technology to authenticate users and unlock devices without the need for a password. Passwordless authentication enables a future that includes:
- No more password creation, memorization, and storage. Passwords are an exchange of information for authentication. Without the need for that exchange, there won’t be a need to create, memorize, or store passwords. While passwords aren’t going away anytime soon, passwordless authentication will save us time and could eventually free us from the password repositories we’ve accumulated over the years or decades. Password managers have provided a convenient and secure way for millions of people to no longer create, memorize, or store passwords themselves. Some, such as Dashlane, are paving the way for a passwordless society while still supporting password usage during the transition.
- No password theft from phishing. The social engineering tactic known as phishing is often presented in the form of unsolicited emails that attempt to trick us into clicking on dangerous links or sharing private information. One common objective of these malicious phishing emails is password theft. Without traditional passwords, phishing emails will lose their relevance in a passwordless future.
- Lockouts less likely. The average internet user is locked out of accounts ten times per month. With each password reset taking ten minutes or more to complete, the inconvenience is evident. With no passwords to remember or store, lockouts based on forgotten, lost, or changed credentials will become much less likely, and we will become more productive.
- Digital identities emerge. Digital identities can replace both physical and digital forms of identification by using a combination of biometrics, encryption, and usage factors to create a more portable and flexible authentication method. Without passwords, digital ID methods will become more standardized, which will lead to greater public trust and adoption.
What a passwordless future means for businesses
The future of passwords will be a welcome sight for many businesses as they realize the efficiency and security benefits, although the transition will include challenges as well. The changes businesses may experience include:
- Authentication system changes. As with any technology change, new authentication software requires investment, implementation, and education. Starting with a subset of employees or offering passwordless login as an option enables a gradual transition while providing more time for awareness and adoption to grow through employee training.
- Fewer password-related IT issues. According to Gartner Group, between 20% to 50% of all help desk calls are for password resets. Eliminating this time drain will allow IT teams to focus on boosting the company security culture and other proactive tasks. The elimination of these repetitive issues is also likely to boost IT job satisfaction.
- Improved productivity. With no more passwords, employees and employers will realize how much interruptions from logins, resets, and password storage practices have impacted their workflow and efficiency. Access management systems will be streamlined once we no longer use separate passwords for each application. Bring your own device (BYOD) practices and policies will also be simplified once the need to continually sync passwords between devices is eliminated.
- Focus shifts to different cyber threats. Brute-force attacks and credential stuffing may become obsolete when passwordless authentication becomes the norm, but hackers will still be with us. Without password vulnerability as an attack point, their focus will shift to other tactics, including:
—Account recovery flows: A world without passwords will also be a world without conventional password resets through email when access is interrupted. New account recovery flows might require the involvement of trustworthy entities, account recovery tokens, or additional biometric factors. These new account recovery flows might be exploited by hackers to gain unauthorized access if they are not well-designed and implemented securely.
—Malware: Short for malicious software, malware includes several types of software, including spyware and ransomware, that are intended to interfere with a computer’s function. Malware is often delivered through unsafe email attachments or website links, so passwordless authentication will have little impact on malware prevention and detection methods.
—Physical security breaches: Physical threats, including equipment break-ins, device theft, and sabotage, will still be with us. Fortunately, physical security threats like shoulder surfing to view others entering their credentials and social engineering to trick others into providing password information will be rendered useless.
Will a future without passwords be better or worse?
It's clear that a passwordless future will be a more convenient and secure one, and Dashlane is already leading the way with:
- The first in-browser passkey solution and passkey support for our security-first password manager. With Dashlane, you can automatically log in across all types of sites.
- Passkey support for Android and iOS. You can generate device passkeys quickly and easily just by using your fingerprint.
- Board-level membership and ardent support for the FIDO Alliance. We are working with our industry partners to usher in the era of passwordless innovation and phishing-resistant authentication.
Dashlane’s automatic password generation, secure and encrypted password storage, and customizable autofill features let us preview the freedom and convenience of a passwordless future, and that future appears bright. Combined with passwordless login, 2-factor authentication, Dark Web Monitoring, and a secure VPN, Dashlane is delivering the future of passwords today.
Dashlane is the first credential manager to enable users to create and access their account without a Master Password. Check out what our Senior Product Manager has to say. Also, check out our fireside chat, "Enhancing Security and Convenience with Passkeys," for even more insight on passwordless login methods.
References
- Incode, “The Future of Biometrics Technology: An Overview by Industry,” December 2022.
- Dashlane, “What is Passwordless Authentication, and Why Should You Care?” November 2022.
- Dashlane, “What Is a Passkey and How Does It Work?” November 2022.
- Dashlane, “Is a Passwordless Future on the Way? What You Should Know About FIDO-Based Authentication,” May 2022.
- Dashlane, “A look at Password Health Scores around the world in 2022,” 2022.
- Dashlane, “How a Password Manager Helps Prevent a Data Breach,” December 2017.
- Dashlane, “What the Hack is a Brute Force Attack?” February 2020.
- OWASP, “Credential Stuffing,” 2023.
- Dashlane, “How Password Management Best Practices Are Evolving,” January 2023.
- Dashlane, “Dashlane is Eliminating the Only Password You Have to Remember,” May 2023.
- SC Media, “The road to passwordless: How it started and how it’s going,” April 2023.
- AIM, “How To Fool Facial Recognition Systems,” August 2021.
- Dashlane, “How Password Management Best Practices Are Evolving,” January 2023.
- Dashlane, “Don’t Get Hooked: Dashlane Celebrates No Phishing Day,” June 2022.
- PC Magazine, “Average US Internet User Is Locked Out of 10 Accounts Per Month,” April 2021.
- Dashlane, “Digital Identity 101: Everything You Need to Know,” April 2023.
- Forbes, “A Passwordless Future: Four Key Considerations,” May 2022.
- Dashlane, “How Passwordless Authentication Could Impact Your Day-to-Day Life,” December 2022.
- Dashlane, “How Businesses with a BYOD Policy Can Secure Employee Devices,” January 2022.
- Dashlane, “What the Hack is Malware?” February 2020.
- Remme, “How passwordless recovery works when you get locked out of an IAM account,” August 2020.
- Dashlane, “Dashlane Releases Passkey Support on Android,” June 2023.
- Dashlane, “Dashlane Becomes a Board Member of the FIDO Alliance,” April 2023.
- Dashlane, “Introducing Passwordless Login For Dashlane,” 2023.
- Dashlane, “Ushering in the Passwordless Future at Dashlane,” August 2022.
- Dashlane, “How to Prevent Ransomware Attacks on Your Devices,” March 2023.
Sign up to receive news and updates about Dashlane