Password alternatives: The path to a password-free future?

Hand on heart: Do you update your passwords regularly? Or are you more the type of internet user who relies on long-term password use? Every year, the national "Change Your Password" day reminds users that it is not only important to use secure passwords, but also to change them regularly. But will this still be necessary in the future?

A person holds a smartphone with the image of a closed padlock on the screen.
01/02/2022 | Essen

Are passwords sufficient protection?

Whether it's logging on to a work computer, logging into online banking or accessing a customer profile, passwords are part of most of our everyday (digital) lives. Given the large number of password prompts they are constantly confronted with, it is no wonder that many users not only fall back on passwords that are too simple, but also regularly reuse the same passwords. At the same time, passwords alone, even supposedly secure ones, are no longer enough to protect digital identities and sensitive data in light of the rise in cybercrime.
 

5 alternatives to the traditional password

The shift from traditional passwords to passwordless authentication is continuing. Increased remote working as a result of the coronavirus pandemic has also given the topic a further boost. This is because more location-flexible working models also require new IT security concepts.

Some alternatives that either add another factor to the traditional password or replace it completely are already in use today:
 

  • Two-factor authentication: Two-factor authentication combines two different identity verification methods to enable double-secure authentication. Well-known examples that can go hand in hand with the password request are additional confirmation codes via SMS, the verification of biometric features or the use of a USB token.
     
  • Biometric data: Retina scanners, fingerprint sensors, voice and facial recognition enable uncomplicated authentication using biometric features. On the user side, they either completely replace the traditional password or become a second factor in the password prompt. The drawback: passwords can be changed, but biometric features cannot. Once they have been hacked, cyber criminals are in principle in possession of the sensitive information forever.
     
  • Web authentication via FIDO: With Fast Identity Online (FIDO), the FIDO Alliance has set itself the goal of simplifying authentication on the Internet and enabling completely password-free log-ins. The tools required for this are authenticators, such as FIDO keys, wearables or mobile devices, which must be unlocked locally by the user. Authentication is then carried out by matching the private key securely stored on the authenticator against the FIDO2 public key held in the key database of the corresponding web service.
     
  • Zero login: Zero login relies on the use of unique behavioural characteristics, including individual typing patterns or pressure exerted on the screen or certain keys. The aim is for corresponding devices to recognise characteristic identification features, which then lead to unique authentication. If a behaviour deviates from that of the usual user, the corresponding device asks for a password or another means of authentication.
     
  • Microchip implants: Admittedly, this password alternative sounds a bit like something out of a science fiction film. However, more and more people are already voluntarily wearing microchips under their skin, which, among other things, make it possible to log in to many programmes without the hassle of entering a password.
     

It is not yet possible to say which of these alternatives will prevail in the future. Regardless of this, however, one problem remains: although users may not be required to enter a password themselves, the data behind the procedures is often stored in the backend on a central server, which makes it particularly attractive to cyber criminals. This means that there is no guarantee that the corresponding data will be protected from hacker attacks in the future. Companies that rely on passwordless authentication should therefore combine this with intelligent management of access data and appropriate IT security measures. In addition, penetration tests can help to uncover potential security vulnerabilities.
 

Conclusion

The "Change Your Password" day is therefore still justified at present. Even though research in the field of access management continues to progress, traditional password prompts are still being used in many places. It is therefore still important to choose a separate, strong password for each account and to change it as soon as there are signs that it may have been compromised.