Is Passwordless Feasible or Aspirational?

Microsoft is just one example of a brand that has been talking about going ‘passwordless’ for many years. The reason for the buzz around this topic is because many see passwords as the weakest links in cyber security, relying on end users to choose sufficiently complex passwords and of course then not willingly handing them over to the attacker.

Above are a few statistics collected in a recent study by Cybersecurity Insiders and Hypr which shows a growing demand for passwordless to protect against a range of cyber security vulnerabilities.

Recently, our team discussed whether passwordless was feasible or aspirational. Here is the conclusion that we came to.

Two roles where AI plays a part in going passwordless is where the user’s typing patterns/behaviours or voice recognition are utilized. The possibilities with AI have truly advanced technology but how advanced is tech right now for this type of AI? For example, one technology that is used frequently as a password alternative is facial recognition; it is an alternative which is still moderately new for commercial use. One change in society, the use of face masks, has made the advancement insignificantly less effective to the point where users have to fall back to using passwords. In terms of AI, it has come a long way but the technology is still far from being commercially used.

Another question with AI is, what kind of cyber security threats will AI open users and corporations to? One suggestion that was made was how comfortable people would be to record their voices or typing patterns for AI to use. Although arguably many people do this already to control their televisions, watches, phones, cars and smart speakers.

This information could create new types of security threats, one example is spoofing using the new type of data. One fact that has been made very clear throughout the pandemic, is that cyber criminals are efficient at improvising with current trends and events. Covid has been used throughout the pandemic in cyber attacks, taking advantage of the change of events like staff working from home.

In conclusion, the concept of being fully passwordless is still aspirational. Currently, a lot of the technology, example being AI, is not advanced enough with alternatives having to rely on passwords being the fallback somewhere in the chain.