Experts have been predicting the end of passwords for years. Thanks to the rise of passkeys, that prediction is getting closer to becoming reality. But is going passwordless realistic? Or is there room for multiple types of authentication to exist side-by-side?
At Proton, we’re optimistic about passkeys and have introduced support for passkeys in our password manager. However, we also believe passwords still serve a purpose in online security. Instead of choosing one or the other, the future may be about giving you the flexibility to use both.
In this article, we’ll explore the idea of a passwordless future — and how Proton Pass helps you stay secure no matter how you log in.
- What is passwordless authentication?
- Why passwords haven’t been replaced yet
- The limitations of passkeys
- Why Proton isn’t abandoning passwords
What is passwordless authentication?
Passwordless authentication, as the name suggests, refers to methods of logging in to an online account or app without a password. There are a few ways to do this — like using a hardware key or biometrics like a retina or fingerprint scan — but the easiest and most viable way for most people is to use passkeys.
The tech gets a little tricky, but the way passkeys work is that when you set one up with a service, a key is created. The service holds one part of it, and you hold the other. To gain access, you need to combine the two. This process of creating and combining the keys happens in the background, without you needing to do anything beyond giving permission to use the passkey.
Passkeys are one of the best ways authenticate accounts — provided the app or service properly implements them. They’re secure, easy to use, and it’s tempting to think they will replace passwords and passphrases. The same goes for fingerprint scans and hardware keys. They eliminate a lot of the hassle associated with authentication. However, dig a little deeper and there are still cases where old-fashioned passwords are useful.
Why passwords haven’t been replaced yet
Most forms of passwordless authentication have some issue stopping them from being a one-size-fits-all solution in the same way that passwords are. A good example is biometric logins, which work great — until your scanner breaks. This is one reason why you always set up a password or PIN before you scan a fingerprint. Passwords, the more reliable tech, act as a backup.
The same goes for hardware keys. They work extremely well, as long as you have it. If you lose your key, you could be permanently locked out of your accounts unless you set up a recovery password. As a result, hardware keys are mostly used for two-factor authentication, when you need a second method on top of a password to prove your identity.
The limitations of passkeys
Passkeys have some issues that prevent them from becoming the default. Here are the most common:
Not supported on most websites and apps
First, as a relatively new technology, passkeys aren’t supported by all sites and apps. While implementation is accelerating, passkey fans will often be disappointed when trying to use passkey authentication. This situation will change, but we predict it will take years, mainly due to the difficulty implementing the tech.
Some issues with browsers
While most major browsers (Google Chrome, Mozilla Firefox, Microsoft Edge) support passkeys, many smaller players either don’t or only support them in a limited fashion. If you use Opera, Brave, or something even more niche, passkeys aren’t always a great or even viable option.
Cross-platform support issues
There are also issues when using passkeys between platforms. For example, if you use a passkey created on an Apple device, you have to jump through some hoops to make it work with your Google account, locking you out until you use your password to authenticate.
Limited to newer operating systems
Passkeys took off as method of passwordless authentication in 2021, so any tech you use them on needs to be new. For example, only iPhones running iOS 17 and Android 14 devices support passkeys, and even then there are issues. If you’re using older hardware and software, passkeys simply won’t work.
Why Proton isn’t abandoning passwords
As a result, as much as we like passkeys for their speed and convenience, here at Proton, we don’t believe that the future will be entirely passwordless. Instead, passwords and passkeys will coexist, with some accounts accessible with a passkey and others using a combination of passwords and 2FA.
As a company that puts our community first, we give you the freedom to choose how best to secure your data for your accounts. We developed Proton Pass to support passkeys alongside passwords, not instead of them.
If you like the speed and convenience of passkeys, you may use them across all platforms that support it. If you prefer having 2FA for all your accounts, you can do that, too. 2FA for all your accounts, you can do that, too.
If you want to try a password manager that’s not just on the cutting edge of cybersecurity but also lets you decide how close you get to the blade, Proton Pass has a Free plan offering better features than legacy password managers. Our premium plan Proton Pass Plus goes even further. What better way to get to know the not-quite passwordless future?
