Feb 14, 2022
Password safety has been an ever-increasing security concern for the average user, as computers get smarter and software used for hacking gets faster. With the dawn of multifactor based authenticators and biometric logins in development, we may be entering a new era of passwordless authentication soon.
Scott Schaffer, Blade Technologies Chief Security Officer, recently appeared on Fox 2 News to discuss the new technology developments that will make this future possible.
What Does A Passwordless Future Look Like?
Schaffer highlights in his talk an upcoming software called Fast ID Online v.2 (aka FIDO2). This software would allow users to either create a security key, like a PIN, or use another biometric authentication measure, to create a universal login.
After users create and authenticate their profile, they never have to do it again. No authenticator apps, verification codes, or other authentication methods to keep track of. This is because the login is now being stored on a “private cryptographic key.”
The private cryptographic key is an active directory stored in and run by a piece of hardware called a Trusted Platform Module (TPM), which is stored in a devices’ motherboard. When you go to login to a website that has been documented by your TPM, it activates the private cryptographic key and interfaces with the public cryptographic key stored in the website information.
With this new technology, our user experience will become smoother with our future in passwordless sign ins. With this technology, our reliance on passwords will be a thing of the past.
Storing passwords in an insecure browser cache or having to use a password manager to create and store multiple passwords will no longer be the gold standard when this technology hits the market. This could then lead to fewer data breaches and add to our peace of mind when it comes to our security.
Is Passwordlessness Secure?
Because the TPM requires a secure PIN or biometric authentication, that means you are effectively storing information that no one else can have access to. This means that the TPM maintains a level of high security to always protect your personal information and passwords.
Additionally, the TPM has its own security measures as well. Though it is similar to a SIM card in that it can store valuable information in bulk, it differs from a SIM card as it can be removed from a device.
To keep it simple, a TPM cannot be physically removed from the device it was built into. Because it was installed into the devices main board, if a TPM is modified, tampered with, or completely removed, it will not work with a different device motherboard. Additionally, there is a chance that the data stored on it could be lost. Therefore, there is no way to exchange a TPM in the way one might make a SIM swap between new devices.
Overall, it seems that personal information and passwords will have more security with the technology that Schaffer suggests is our future.
How close are we to a passwordless future?
Due to current technology development being still in progress, while also simultaneously needing to phase out and replace old models of devices with the new hardware and software, there is still a bit of a wait until we can all begin going passwordless. Schaffer however is confident that this new future is coming sooner rather than later.
Overall, it seems like we can expect a passwordless future soon, and then we can say goodbye to creating weak passwords, compromised passwords used in unsafe servers, and passwords altogether.
More Tech Talk from Fox2Now
Blade Technologies in St. Louis is honored to be a regular contributor to Fox2Now's Tech Talk series. For the latest information on what's new in tech and how to keep you and your devices safe, check out more of the Tech Talk series.
Tech Talk Series
You can also learn more about Blade’s cybersecurity services in St. Louis or get in touch with our team.