Now that I have caught your attention, I should start by saying that no, password managers aren’t useless. In fact, I want everyone to get a password manager as soon as possible. Do away with the repetitive passwords and insecure passwords. I personally use 1Password and have been with it for 3 years now. It’s one of my most used services of all time; without it I don’t know how I would have secured all my credentials to be unique and ready to take on anything.
I think the world is moving into a passwordless era. We have seen the slow adoption of YubiKeys, which are quite passwordless themselves. The key itself, to be redundant, is the key. It’s all you need to unlock things. It has no password, but internally there’s a lot more going on than meets the eye. In a sense it doesn’t mean explicitly that you need a password to use it.
I personally don’t own a YubiKey myself. I’ve been on the fence about getting one for a while, but at the same time I have found that I am okay using my fingerprint or face recognition. I think what I fear the most is losing the physical key and not knowing what to do.
Microsoft and the Windows Hello team are also moving into a passwordless era. I wouldn’t be surprised if Apple were also the first to go fully passwordless in the near future just for the sake of being the “first bringing the real change”, even though things like YubiKey have been around for a long time. But Apple provides the influence, and that’s the key for everything. The sooner people realize the importance of going passwordless, the better.
Things like using your smartphone’s NFC to unlock your computer, or using a YubiKey with NFC to unlock things, are becoming more common now. Have you ever thought about contactless credit cards, so you don’t have to take the risk of swiping your card in a questionable card reader or a card reader that has been tampered with?
Of course, all these changes take a while. These changes will take a decade to actually take place and I think that’s the most depressing part of this. You can have Apple and Microsoft innovating and changing things, but the reality is that not everyone is going to have the money for the latest technology.
YubiKey needs to become more accessible than $50-$70. Devices that provide access to these technologies also need to become more widely accepted and provide secure chips that can secure fingerprint/face recognition functionality and not compromise anything else.
At the same time, this technology is also for people who manage important data. Servers of any type, sensitive documents, sensitive audio, sensitive videos, any archive that has any sense of confidentiality: all of them fall into the need for passwordless solutions. Why? Because brute-forcing passwords is becoming easier or will become easier.
Because sites and applications all around the world do not do security the same way.
All things security are not equal. I could create an application right now and use MD5 to store my passwords, and in a month have a leak and get those passwords cracked.
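To make the MD5 point concrete, here is an added example (not code from this post) that puts the weak storage scheme beside a hardened one and shows what a leaked table reveals in each case. The sample accounts are constructed, and the PBKDF2 iteration count and record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware


def md5_store(password: str) -> str:
    """Weak scheme mentioned in the post: fast, unsalted MD5."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def kdf_store(password: str) -> str:
    """Hardened scheme: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False
    return hmac.compare_digest(candidate, expected)


def shared_password_groups(table: dict) -> list:
    """Groups of users whose stored records are identical in a given table."""
    by_record = {}
    for user, record in table.items():
        by_record.setdefault(record, []).append(user)
    return [sorted(users) for users in by_record.values() if len(users) > 1]


# Constructed sample accounts: alice and bob reuse the same password.
USERS = {"alice": "correct horse", "bob": "correct horse", "carol": "another phrase"}

if __name__ == "__main__":
    print(shared_password_groups({u: md5_store(p) for u, p in USERS.items()}))
    print(shared_password_groups({u: kdf_store(p) for u, p in USERS.items()}))
```

With unsalted MD5 the table itself shows that alice and bob share a password, and every guess is cheap to check; with a per-user salt and a slow KDF, identical passwords produce unrelated records and each guess costs the full work factor.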
In security, everyone is involved: security teams, server administrators, database administrators, network teams from all different departments. And yet it’s really hard to keep things secure.
I’m actually still waiting for Equifax to have any accountability for the massive leak. But everyone has forgotten. 147 million people were affected, and Equifax got away with a slap and that’s it.
Anyway, that’s enough of my ramblings. Do dig more into passwordless solutions if you are interested! I’ll probably bring more entries related to that.