
Passwords are at risk as technology companies pursue stricter security measures.
Fingerprints, access keys and facial recognition are putting a new squeeze on passwords, the traditional computer security method, but they are also running into public hesitancy.
“The password era is ending,” two senior figures at Microsoft wrote in a July blog post.
The technology behemoth has been developing "more secure" login alternatives for several years — and since May, these options have been provided by default to new users.
Numerous other online platforms, including artificial intelligence powerhouse OpenAI’s ChatGPT chatbot, require steps such as entering a numerical code sent to a user’s registered email address before allowing access to potentially sensitive information.
"Passwords are frequently weak, and individuals tend to reuse them" across various online platforms, stated Benoit Grunemwald, a cybersecurity specialist at Eset.
He noted that sophisticated attackers can crack a password of eight characters or fewer in mere minutes or even seconds.
Moreover, passwords are often the coveted target in data breaches from online services, particularly in instances where "they are inadequately stored by those responsible for safeguarding them," Grunemwald remarked.
In June, researchers from the media organization Cybernews uncovered a vast database containing approximately 16 billion login credentials compiled from hacked files.
The increasing scrutiny on passwords has prompted technology giants to urgently seek safer alternatives.
– Challenging transition –
A consortium known as the Fast Identity Online Alliance (FIDO) unites major players such as Google, Microsoft, Apple, Amazon, and TikTok.
The companies have been developing and promoting password-free login methods, particularly advocating the use of what are known as access keys, or passkeys.
These use a separate device, such as a smartphone, to authorize logins, relying on a PIN code or biometric verification such as a fingerprint scanner or facial recognition instead of a traditional password.
Troy Hunt, the creator of the website Have I Been Pwned, which enables individuals to verify if their login information has been compromised online, asserts that these new systems offer significant benefits.
"With passkeys, you cannot inadvertently provide your passkey to a phishing site" — a website that imitates the look of a legitimate provider, such as an employer or bank, to trick individuals into submitting their login information — he remarked.
However, the Australian cybersecurity expert noted that the demise of passwords has been proclaimed numerous times in the past.
"A decade ago, we faced the same inquiry… the truth is that we currently possess more passwords than we ever have before," Hunt stated.
Despite many major platforms enhancing their login security, a considerable number of websites continue to rely on simple usernames and passwords as their authentication method.
The shift to a new system can also pose challenges for users.
Passkeys must be configured on a device prior to being utilized for login purposes.
Recovering them if a PIN code is forgotten or if a trusted smartphone is lost or stolen is also more complex than the standard password reset process.
“The thing that passwords have going for them, and the reason that we still have them, is that everybody knows how to use them,” Hunt said.
Ultimately the human factor will remain at the heart of computer security, Eset’s Grunemwald said.
“People will have to take good care of security on their smartphone and devices, because they’ll be the things most targeted” in future, he warned.