The journey to passwordless – it's a marathon, not a sprint

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

Our online lives are protected, first and foremost, by passwords. They are a part of our everyday lives and protect our sensitive information in the digital world. However, they aren’t a flawless system of protection, and our lives would certainly be easier without the need for them. Many reuse passwords across accounts or set up very weak ones, easily guessed ones, and the truth is we are under a constant threat of cyberattacks by increasingly savvier hackers.

About the author

Dan DeMichele is VP of Product Management for LastPass at LogMeIn.

However, whilst we are on the journey to a passwordless future, we still have a long way to go. A passwordless world will eliminate all the headaches of having to remember numerous passwords for a multitude of accounts, and the risks that come with it. So how do we go from having to improve our password usage to a passwordless world? The marathon begins…

When online, play safe

It’s not just a simple password that offers you protection in the online world – there are wider systems and tools that offer additional cybersecurity. They’re especially relevant when we consider a large enterprise with lots of employees having access to sensitive information and sometimes those logins are shared between all employees. Current basics of online security must ensure there is a high standard of education and password hygiene. From there, there are tools to help reinforce the education, such as password managers, and Single Sign-On (SSO) or Multi-factor Authentication (MFA) options. These technologies remember all our passwords for us, making it easier and faster to access our accounts and allowing us to manage shared accounts without the accompanying security threats. It saves us time and hassle, boosting productivity with added security.

For a passwordless world, however, there needs to be more. Fast Identity Online (FIDO) technologies support authentication mechanisms, such as biometric face and fingerprint ID and the addition of hardware security keys. This passwordless solution represents the future and would operate across operating systems, web browsers, devices, and applications. However, many tech giants and identity providers are not there yet. The technology still needs to be developed and adopted across all industries, so it will be years before we see a passwordless world. Until then, we must educate ourselves on the safest measures available to us today.

The importance of ongoing education

Hackers are astute and always evolving. Their methodology is constantly shifting, adapting to the latest protection measures, and always trying to pull a fast one on people. For companies, is important to stay just as up-to-date as hackers do. It is crucial that systems are updated regularly, and new protection measures are instated when old ones are no longer effective. It is also equally as important that everyone, from the highest position in a company to the lowest, is aware of the ongoing risks.

People must understand the risks of a weak line of digital defense, which could cause catastrophic consequences for organizations. Businesses should take the initiative to help their employees by providing regular training so that people don’t ‘forget’ how to stay secure. At the same time, there’s also the need for a sense of individual responsibility. It starts with us, and without ongoing proactive effort, digital security is but a fever dream. We must make a personal effort to be more alert and conscious of the dangers of having our private information hacked.

Forging a new cybersecurity culture

Habits are hard to learn, and just as difficult to unlearn. We wouldn’t expect someone to learn an entirely new language overnight. If we consider how long most people have been using the internet, we will realize that a lot has happened in a very short period of time. There is still a journey ahead of a passwordless world. With the digital world fast-evolving, cybersecurity needs to follow suit. Cybercrime is surging, but so is cybersecurity culture. People are increasingly more aware of the dangers faced in the online world, as being indifferent to them is something we simply cannot afford to do. New solutions need to be implemented, whether it be by companies or people in their own personal lives. With that said, these can also be quickly forgotten. It is important to keep learning about new ways to stay safe, and new technologies that can help us.

We must also allow time for the technologies to develop so passwords can become outdated. While broad implementation and adoption of passwordless is the industry’s ultimate goal, it will likely take years before people experience an end-to-end passwordless login across all applications. However, there are tools that can help get you there sooner such as a password manager that allows for Passwordless Authentication.

Widespread adoption of these will ease us into a safer reality, one that will, at its own pace, make way for a world where passwords are a thing of the past.

We feature the best identity theft protection software.

Dan DeMichele, VP of Product Management at LastPass.