contador web Saltar al contenido

End of passwords? See six technologies that promise to replace codes | Security

Although the use of passwords to authenticate information on the Internet is quite traditional, technology companies have been developing several solutions to try to end "passwords". The consensus is that computers and systems will still use codes for a long time as a form of authentication, but users will need less and less to enter a password manually to login.

READ: Six times that technology 'denounced' people; Look

The ongoing alternatives involve applications such as password generators, which create, store and fill in passwords automatically; new ways to check biometrics and the use of physical devices when logging in to an online account sometimes, a solution can involve all the methods at once. Here are six technologies that promise to end passwords as we know them.

Microsoft already allows you to login without a password, using only your cell phone Photo: Divulgao / MicrosoftMicrosoft already allows you to login without a password, using only your cell phone Photo: Divulgao / Microsoft

Microsoft already allows you to login without a password, using only your cell phone Photo: Divulgao / Microsoft

Want to buy cell phones, TV and other discounted products? Meet Compare TechTudo

1. Authentication applications

Authenticators in the form of applications are already beginning to replace passwords. Since 2018, Microsoft has allowed you to use Microsoft Authenticator to log into company services without having to enter codes. The feature needs to be configured only once to allow new entries just by clicking on a notification that arrives on the cell phone, which, in turn, is already protected by fingerprints or face scanning.

A similar feature is already used by Google, Apple and other companies when 2-step verification is enabled, but for now, only the Windows manufacturer allows you to use this feature without entering a password. Authentication apps are still compatible with few services. Microsoft only allows you to log into your company account and Office. If the trend spreads across the industry, passwords will soon give way to smartphones.

Android and iPhone can fill passwords automatically Photo: Divulgao / AppleAndroid and iPhone can fill passwords automatically Photo: Divulgao / Apple

Android and iPhone can fill passwords automatically Photo: Divulgao / Apple

2. Password managers

Password managers like LastPass and 1Password can circumvent the limitation of compatible services, as they usually work with any website: they create strong passwords automatically, store codes in the cloud and fill in login forms without having to type anything. However, in general, they still require a first login with a master password that the user needs to remember.

This may change with the evolution of the managers incorporated in the mobile operating systems. Android 10 and iOS 13 already fill in passwords automatically and eliminate the first login, since the user can authenticate on the phone with biometrics. On the other hand, these solutions do not yet offer an automatic password generator, which was still the user thinking about his own codes before recording in the digital safe.

Business systems integrate servers to allow single sign-on to systems and apps Photo: Reproduo / WindowsBusiness systems integrate servers to allow single sign-on to systems and apps Photo: Reproduo / Windows

Business systems integrate servers to allow single sign-on to systems and apps Photo: Reproduo / Windows

3. Business protocols

Initiatives to eliminate passwords in the business environment are more advanced. Some corporate networks already integrate identity servers with service providers so that a single authentication can release all the programs that the employee is entitled to without having to log in several times.

Which also changes the way each company allows you to log in. In general, eliminating passwords completely means offering computers with a fingerprint reader or infrared camera for facial recognition. Another solution is Microsoft's Azure Active Directory, which allows you to use the Authenticator app for the first entry in the systems: the user types an email on the web and confirms the identity by clicking on a notification on the smartphone to proceed.

Yubikey 5 compatible with FIDO2 and allows secure login on computer and mobile phone Photo: Divulgao / YubicoYubikey 5 compatible with FIDO2 and allows secure login on computer and mobile phone Photo: Divulgao / Yubico

Yubikey 5 compatible with FIDO2 and allows secure login on computer and mobile phone Photo: Divulgao / Yubico

Biometrics is widely used as a safe way to eliminate passwords, but the creators of the FIDO2 standard argue that the solution is not enough. The danger lies in the exposure of biometric data: digital, face and iris are always showing and can be stolen with the use of more advanced technologies. In addition, in the event of an account being hacked, the user cannot change the biometrics as he already does with a leaked password.

The idea of ??FIDO2 to circumvent the problem by combining a physical key, a biometric identification and information that only the user can know, such as a password or phrase, to make the process more secure. The compatibility of this type of service is still restricted, but it is already available on the market in the form of devices like the Yubikey 5, compatible with computers and cell phones via USB, Lightning or NFC.

US government technology analyzes how the user holds the cell phone Photo: Lucas Mendes / TechTudoUS government technology analyzes how the user holds the cell phone Photo: Lucas Mendes / TechTudo

US government technology analyzes how the user holds the cell phone Photo: Lucas Mendes / TechTudo

5. Continuous multi-factor authentication

The United States Department of Defense has been working on login technology that involves continuous identity verification. Instead of checking only at the entrance, the system intends to keep a constant monitoring of the user's behavior to make sure that it is the same person throughout the complete session.

The feature would use sensors and algorithms to track unique features in addition to digital, face or iris: for example, the way your finger slides over the screen and the way you hold your phone in your hands. Combining with nearby Wi-Fi and Bluetooth signals, among other factors, the technology could identify someone by context, eliminating the need to enter passwords.

'Brain password' uses brain waves as a password Photo: Reproduo / Kaspersky'Brain password' uses brain waves as a password Photo: Reproduo / Kaspersky

'Brain password' uses brain waves as a password Photo: Reproduo / Kaspersky

6. Brain and DNA biometrics

DNA biometrics can also replace passwords. Countries like Estonia are expanding programs for genetic analysis as a means of preventing diseases, in an initiative seen as the first step towards the use of technology as biometric authentication. But the alternative still does not eliminate a weakness in biometrics: if a hacker breaks into a server and steals the biometrics standard, the user cannot change it as a common password.

the one that enters a new type of biometrics called the brain password, which consists of a code created from brain waves generated when viewing a set of images. The solution would be difficult to implement because it would need a brain scanner installed on the computer, but it would be proof of hackers: in case of invasion, the user could reset the password by viewing a new set of images.

What is the best messenger? Opinion on TechTudo's Forum

'Worst Internet Passwords' Use Series Character Names

'Worst Internet Passwords' Use Series Character Names