Ctrl+Alt+Delete: It’s finally time to ditch passwords
OPNION: It was World Password Day recently, but instead of celebrating the security feature, Apple, Google and Microsoft teamed up to announce plans to scrap passwords for good.
All three companies revealed plans to implement “support for FIDO Sign-in standards” on future devices and platforms, which will supposedly remove the need for passwords. Instead, when signing into a device, application or website, you’ll simply need to unlock your phone in order to bypass the security measures, whether that’s via a fingerprint sensor, facial recognition or something else.
Kaspersky Home Security
Keep your online activity safe and private across multiple devices – without compromising speed.
Check out Kaspersky’s new security plans from just £10.99 per year
- £10.99 per year
I’m personally excited about the prospect of ditching passwords forever, and that’s not just because I’m lazy and prefer the convenience of tapping a fingerprint sensor. I also believe passwords are one of the least secure security options, so moving away from them could actually make our devices and private data more secure.
Of course, if we all created long passwords with a random string of letters, numbers and symbols, then it would be virtually impossible for somebody to crack your password. But the majority of us are guilty of using weak passwords.
According to NordPass in 2020, the top five most used passwords in the UK were:
Many of us are also guilty of using personal information when creating a password, involving the likes of a date of birth, name of a child or even their supported football club. A quick look at somebody’s Facebook profile could potentially give a hacker everything they need to guess your password.
It’s common for people to use the same password across multiple devices, websites and platforms too, so if somebody manages to guess one password, they’ll likely be able to access multiple other accounts.
But I’m keen to emphasise that I don’t blame anyone for using such basic passwords. After all, in the modern age we have so many different accounts (including social media, email, streaming services, online retail stores, delivery services and more) that it’s impractical to expect everyone to create and remember unique passwords for every single application.
We also have countless other options for sign-ins now. I own a Samsung Galaxy S21, and I love being able to unlock my phone by simply looking at the camera or prodding the screen with my finger. It’s so quick and seamless that I often forget my phone is using facial recognition to unlock – it just starts working right straight away.
It’s worth pointing out that these security measures aren’t perfect either. It’s possible to trick a fingerprint scanner with 3D moulds, which The Verge described as being “just a little harder than steaming open a letter”, while Vietnamese security firm Bkav unlocked an iPhone X with FaceID by using a 3D-printed mask.
But even if it is still possible to bypass a fingerprint or facial recognition security wall, it still requires a lot more effort to hack than simply guessing your simple password. It only takes someone to look over your shoulder to find out your phone or laptop’s password, while Apple claims there’s less than a 1 in 1,000,000 chance of a random person being able to unlock your iPhone or iPad Pro via FaceID.
It’s also great to see Apple, Google and Microsoft working together to come up with even more secure options. I’m intrigued to see how the universal passwordless sign-in standard by the FIDO Alliance will pan out, even if I am slighty sceptical by an increasing over reliance on smartphones. But let’s hope it does prove successful as I can’t wait to finally scrap passwords for good.
Ctrl+Alt+Delete is our weekly computing-focussed opinion column where we delve deeper into the world of computers, laptops, components, peripherals and more. Find it on Trusted Reviews every Saturday afternoon.