A future without passwords may be closer than you think

U.S. and World

ST. LOUIS (KTVI) – Hate trying to keep track of all your passwords? They may one day be a thing of the past.

Advances in biometrics, multifactor authentication (MFA) and other technological advances are slowly making them unnecessary.

Scott Schaffer, chief information security officer with Blade Technologies, explained that between the late 1990s and early 2000s, a six- to eight-character password was all that was needed to protect a system. He said it could take years to crack a password of that length.

There are now more powerful computers and more advanced algorithms that can crack an eight-character password in less than three hours.

Schaffer said more recently, he has advised clients to use a password manager and have a longer, more unique password for each website. However, he said, the more powerful computers that are around the corner won’t be enough for a 12-15 character password.

So what does a world without passwords look like?

Schaffer points to a future with Version 2 of FIDO (Fast Identity Online), or FIDO2.

The technology allows individuals to use a digital unlock system, such as Face ID or Touch ID on a smartphone, or a voice or PIN on a device, to authenticate users. The framework works across Windows, Mac, and Android. This would only have to be done once.

After your device has been authenticated, a private cryptographic key stored in the machine’s Trusted Platform Module (TPM) “handshakes” with a public cryptographic key used for a website or application.

Schaffer said the technology makes it possible to use a smartphone or security key device to log into sites and transact without ever entering a password because no password exists.

“If we know that every big ransomware or any big email spoofing thing always is going after somebody’s password,” he said. “So if you don’t have a password, that means you can give it up.”

The TPM is a physical chip on the main board of your device. The TPM chip cannot be modified and is not accessible outside of the device it is on. That means even if the chip is pried off, you are protected.

All the major players in the tech industry have signed onto the concept, but the migration to a password-free future won’t happen overnight.

However, Schaffer said it’s not a question of whether it’s coming, but rather of when.

“The quicker we can get rid of passwords, the better it’s going to be for all of us, obviously,” he said.

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

More As Seen on 2 NEWS
2019 TRICK OR TREAT TIMES

Trending Stories

Don't Miss

BestReviews

More BestReviews

Latest News Videos

Pfizer booster rollout begins in Clark County

Clark County begins Pfizer booster rollout

9-27 Bellbrook Police theft suspect

Lawmakers continue to debate over vaccine mandates

Springboro Schools to start voluntary quarantine pilot Friday

Is it safe to Trick-or-Treat this Halloween? CDC director weighs in

More News