The path to a world without passwords has already begun

Tech companies like Apple, Google and Samsung are working together to eliminate passwords.

Since 2013, the Fido alliance (Fast Identity Online or fast identity online) has sought to create a single authentication standard for websites and applications. The objective of the group, which also includes Intel, Lenovo and Microsoft, is to transform the form of verification into services we know today, offering a higher level of security.

Apple, for example, announced this year passkeys. According to the company, the method protects the user against the reuse of credentials, leaks and scams, in addition to providing a simpler experience. In practice, the technology links a digital key to the user’s account and, after that, they confirm the login through fingerprint or face scanning.

As the password is stored on the device itself and requires the user’s biometrics to be validated, there is no risk of being leaked or stolen. It is a one-step flow that does not require extra means of security, as is the case with multi-factor authentication, which uses text messages or email, for example.

According to Eronides Meneses, chief delegate of the Cyber ​​Crimes Police Station in Recife (PE), electronic fraud and the invasion of devices are the most common crimes on networks in Brazil, and worldwide. “That’s why we are increasingly moving towards a world without passwords,” he says.

For Carlos Ferraz, professor at the Informatics Center at UFPE (Federal University of Pernambuco), despite being a little more secure, multifactor authentication has the drawback of being slower, as it requires more steps and devices that are not always close by.

In addition, many companies primarily use SMS as a second layer, a method that can be easily intercepted.

Outside the virtual world, another company that is looking for alternatives to passwords is Mastercard, which began testing in Brazil a payment system that uses facial recognition instead of cards, cell phones or passwords. A first phase of testing began in a supermarket chain in Greater São Paulo, and the company said it plans to expand its actions, including abroad.

While some companies put their solutions into practice, others study the best way to execute them. This is the case of Incognia, a company that was born at UFPE and is now headquartered in the city of Palo Alto, California (USA).

Professor Ferraz, who saw the project being born, says that the company’s focus is to develop anti-fraud systems based on the user’s location.

“If a device makes transactions in a banking application from a different location than usual, for example, an internal alert is issued asking the institution to take action, either blocking the movement or checking who is behind it instantly.”

Even so, despite the advancement of new technologies, it is not possible to decree the definitive end of passwords. For delegate Meneses, in the future all existing solutions will have to be combined. Ferraz, on the other hand, believes that our concept of password can change. “Surely they will be just one element among many available.”

Learn how to protect yourself while passwords don’t run out

• Consider using a password manager Applications of this type may store usernames and passwords that you use across multiple websites. Not only do they increase your security, they save you time. Many even auto-populate authentication fields and sync credentials across different devices.
• Beware of blows Always be suspicious of messages that arrive via SMS or email, especially if they come with an attachment and are from a sender you don’t know. Never click on links that look suspicious. Look at the sender’s email address and make sure it matches the institution’s URL
• Always update your apps or software on your devices Every day, users receive notifications on their devices for apps and operating systems to be updated. It is not recommended to postpone installations
• Use multi-factor authentication The additional steps are efficient and have been adopted by several services. Usually, a code is sent via SMS, email or phone call. This process takes a little longer, but it lessens the chances of your account being compromised.
• Use different passwords for different accounts Although it is easy and convenient to use the same password on multiple sites, it is worth remembering that this increases vulnerability
• Prefer biometric authentication options Many cell phones, tablets and notebooks already allow you to log in to the system and services using facial or digital biometrics, a safer way that does not depend on memorizing passwords