It’s interesting to note that many people will happily unlock their phone by just looking at it and have no problem tapping their bank card against a store’s point of sale terminal, but if the term “password security” is presented to them, they have a blank expression, or worse, shrink away. Why are some technologies so readily accepted while others seem to be a tough sell?
Securing Our Data and Environments
In this AI-enhanced era, time is not our ally when it comes to keeping documents and environments secure. Threat actors from all over the world strive continually to break any type of security available, and passwords have long been a relatively easy mark. Most end users prefer passwords that are easy to remember, but, of course, that also makes them easier to guess, brute force, or spray. More complex, generated passwords are better, but this inspires bad actors to turn to social engineering to wheedle the secrets out of the human user rather than spend time and resources trying to crack the code.
The weak point of all passwords is that the secret, once revealed, is useless as a defence. Multi-factor authentication was the industry’s reaction to password weaknesses: adding layers. But these layers, too, are phishable and prone to being intercepted. Although MFA and 2FA add an extra layer of security by demanding proof of your identity, they still end up at the same password. They also add an extra step, more actions that people don’t like to do.
Introducing Passkeys – The End of The Password Era
The age of passwords has passed, and we have entered the age of passkeys. But the weird thing is that we, the end users, have entered this new age without being fully aware of it. Andrew Shikiar is the Executive Director and CEO of the FIDO Alliance, an open industry association that develops standards for authentication and device attestation, especially with passkeys. As a guest on the recent episode of the Thales Security Sessions podcast, he mentioned that over 13 billion user accounts already have the option of using a passkey instead of a password – and the technology has already been adopted and deployed by consumer services and enterprises alike. So, it’s undoubtedly already out there.
Using a passkey is essentially a hidden activity inside a device like a phone, which makes passkeys effortless and much more secure. That’s the weird thing about this technology’s success. It doesn’t have to sell itself. People are just starting to adopt it passively.
Also speaking on the same podcast was Pedro Martinez, Business Owner Digital Banking, who specializes in Identity and Access Management and Authentication. He added to Andrew’s comment, suggesting that the success of passkey adoption – one that has already exceeded industry expectations – perhaps lies in the fact that “sometimes the decision is being taken by service providers without necessarily announcing it or making any big deal about it.” This, he points out, is what Apple did when it decided to introduce the usage of passkeys with the arrival of iOS 17. Apple did not promote it heavily; it just happened.
Passive Adoption That Works
Shikiar says that this has helped passkey technology become what he calls “a lowercase ‘b’ brand,” meaning that all of the major providers, like Google, Apple, and Microsoft, are calling it the same thing, making it much more universal, without the confusion that often comes when individual manufacturers choose to protect their brands by adopting a unique name.
This passive adoption may be a cautionary tale of sorts. In the days prior to the COVID-19 lockdowns, many companies were trying to establish a foothold in the video chat marketplace with their own brand and approach. However, during this time, most people gravitated towards Zoom, a decision that surprised everyone, including the people at Zoom. For whatever reason, its functionality and universal access suited the needs of people who suddenly found themselves part of a video chat revolution without really being told what to do. Most recently, Zoom has quietly added AI technologies to intelligently summarize meetings. No fanfare, just a new button on the screen that says, “Write with AI” or “Generate an AI summary.” Other video chat technologies are doing the same, of course, but Zoom simply continues to move it along.
Of course, the grand prize in this exploration of passive adoption has to be ChatGPT. The general public was introduced to it largely by word of mouth. “It’s easy,” people would say, “Just go here and ask it to write something.” And that is, essentially, what it’s all about. No complex logons or memberships. It’s just there, and, to borrow Apple’s tagline, “it just works.”
Technology That’s Changing Our World
One can argue that ChatGPT has shortcomings, including hallucinations and the issue of sharing proprietary information while seeking an AI-generated answer. Still, no one can argue with the fact that it has well over 100 million users, and took only 5 days to reach its first million users, second only to Threads.
The last time a technology seemingly changed the world so effortlessly was arguably Facebook. Like ChatGPT, Facebook seemed to just appear on the scene and rocketed to stratospheric levels, mostly because it was fun and easy. It did not need a marketing campaign or a set of instructions; it rode to its unprecedented heights on sheer fascination, ease of use, and an exceedingly low barrier of fear.
Passkeys are doing the same thing. They are organic, passive, and need no explanation. Password managers, although excellent at what they do in generating and encrypting complex passwords, appear to have suffered from those all-too-human resistance factors: a preference for passwords people can remember and a fear of a password management application doing the hard work for them.
But passkeys don’t need a description. They just work, and that’s what we fallible humans seem to like the most.