Maybe It Is Time to Ditch Passwords
At first, the idea of ditching passwords seems like both an inconvenience and a threat to your online security. However, if you step back and take a look at how you really log in these days it begins to make a lot of sense.
People tend to be resistant to change, and I’m no different. I hate the fact Apple took the headphone jack away from us, Windows messing with the classic start menu sent me into a rage, and the fact my toothbrush has an app makes me wonder if companies are just making fun of us at this point. But sometimes, that rage is misplaced.
We don’t really use the start menu anymore because our most common apps are pinned to the taskbar, and a search function is a quicker method of accessing everything else. Similarly, passwords are both a hindrance and a security risk — especially when you compare them to other login methods. Several big companies are planning on doing away with the long-standing security feature, and I firmly believe they are doing the right thing.
You Log Into Everything With Google/Facebook/Apple/Microsoft Anyway
Passwords aren’t really that secure
You Can Log Into Everything With Your Phone
There are Still Rare Exceptions
You May Also Worry About Giving Big Tech Even More Power
On Balance, a Password-Free Life is an Easier Life
You Log Into Everything With Google/Facebook/Apple/Microsoft Anyway
If you’ve used any online service in recent years, you’ll have noticed a button on login and signup forms offering you the chance to just use an account you have with a major tech firm instead. Google is by far the most common option, but Facebook, Apple, and Microsoft also show up on various sites.
This is convenient for a number of reasons. Firstly, you don’t have to fill in your basic information every time you sign up to a new service. Over the course of say, a year, this will save you a lot of time. Beyond that, it makes logins quicker and more convenient because you don’t need to remember and write in a password.
There are also some minor concerns related to privacy, which we’ll take a closer look at later. These concerns don’t relate to Apple, so if you want to reap the benefits of these sign in systems with none of the downsides, an Apple account is the way to go.
Passwords aren’t really that secure
There’s also an argument it’s more secure in certain circumstances, or at least as secure as your Google account. If your computer is infected with some kind of keylogger, it will be able to track anything you type and relay that to anyone in charge of that malicious software. Relaying a mouse click, even on a specific box, doesn’t grant the same degree of access.
Most of the time, hackers don’t even need that. Companies suffer from data breaches all the time, so the chances are at least one of your passwords is somewhere on the internet and tied to your email address. The list of vulnerable companies includes popular password managers like LastPass, so you aren’t even safe using one of those to generate multiple, strong, passwords.
Although nothing is completely safe, you should use security features like two-factor authentication (2FA) even if you’re planning to cling on to your password. Some 2FA methods are both convenient and nearly uncrackable, so why aren’t they an accounts primary security feature?
You Can Log Into Everything With Your Phone
If you’re using one of the stronger 2FA methods, the chances are your smartphone will be involved. It’s a convenient place to host apps like Google Authenticator, and if its heavily linked to your Google account you may receive a popup asking you to confirm you’ve signed in.
Those popups have replaced my Google password. While you do initially need to set a password on your Google account, and can use that to log in from then on, I’ve actually long since forgotten mine. The reason it hasn’t been reset is the fact that resetting the popup involves proving my identity with my smartphone. At that point I’m logged into the account anyway, so I just don’t bother resetting my password and move on with my day instead.
So why haven’t I bothered with the reset? I can’t access the account with the password alone, so logging in would be a similar process even if I knew it. If I do lose my phone and somehow get “locked out” there are other ways to recover the account. So for the most part, that password is totally redundant and Google may as well do away with it.
Google isn’t the only company that currently offers password-less login. Microsoft and 1Password are amongst the many companies that allow you to go about your life without ever typing a long string of numbers and letters into a box. So while not all companies may have ditched passwords, and passwords are still an option amongst some that have, you do have plenty of alternative login options.
There are Still Rare Exceptions
There are times when a “password” may prove useful, but these are rare events and not something you’d use to log in several times a day. Recovery keys are basically big passwords, and there is a solid argument for them.
For a start, they’re long and incredibly hard to crack. They’re also stored offline, if you’re using them sensibly. The keys can either be written down on paper and stored in a locked desk, a safe, or hidden away in a random cubby hole somewhere on your property. Alternatively, you can just copy it onto a flash drive. Having multiple copies of the keys, both digital and physical, is somewhat sensible — just make sure none of those copies are on a device you regularly use and connect to the internet.
You May Also Worry About Giving Big Tech Even More Power
Going password free relies on trusting big tech. An account with either Apple, Google, Facebook, or Microsoft is essential, as that’s what you’ll be “logging in” with most of the time. Most of us have at least one of these accounts anyway, and there’s a good chance that the company knows a lot about us. Using it to remove passwords from your life will tell that company even more.
There’s somewhat of a data exchange when logging in with something like Google. The site you’re logging into will, at the very least, have access to your email address, though things like your physical address and phone number may also be revealed. Said site may also have access to your contacts list. All of this should be laid out on a kind of warning screen before you go ahead and sign in.
As for what the likes of Google get from the deal, signing in like this makes you a lot easier to track. The company has a better idea of what websites you visit, how long you spend on them, and what purchases have been made on said sites. This goes into the already huge pile of data that the company probably already has about you and your browsing habits. The amount of tracking varies from company to company, with Apple putting its customers’ privacy concerns at the forefront. If you genuinely have privacy concerns, creating an Apple account and using it wherever possible is currently the best way to go about things.
Things may get worse, though. If you dig through your Google account’s terms, you’ll see that the account exists at Google’s discretion. It can be snatched away at any time for any reason. If you think de-googling is difficult because you’ll lose your email address and need to switch phones, picture losing access to every account you have on every site you visit. A single big tech company may already be at the core of your online life, and that gives that company a lot of leverage, and Google is hardly alone in that concern.
On Balance, a Password-Free Life is an Easier Life
Despite a distrust of large companies located in Silicon Valley, and the knowledge that we could all be inconvenienced on an unfathomable level one day, going password-free is still the way forward. The convenience of creating “accounts” with a single click instead of filling in repetitive forms saves plenty of time — and logging in with a single click saves even more. There’s no wrangling with password managers, creating unique codes, or managing long lists of logins.
There are also potential security benefits, though you do have to make sure whatever account is logging you in is as secure as possible. Setting up secure 2FA (one that doesn’t involve emails or text messages) is a must, and you should double-check your recovery options so you won’t get locked out of absolutely everything.
It’s likely that Big Tech’s next controversial push might focus on the end of the password. For once, I think they’re doing the right thing.