Proton
passwordless future

With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side? 

At Proton, we are optimistic about passkeys and have introduced support for passkeys in our password manager. However, we are not ready to predict a future without passwords, and we believe there’s room for both technologies to coexist.

In this article, we go over these questions and tell you how Proton sees its place in this evolution.

What is passwordless authentication?

Passwordless authentication is a method to log in to your online account or app without using a password. There are a few ways to do this — like using a hardware key, or biometrics like a retina or fingerprint scan — but the easiest and most viable way for most people is to use passkeys.

The tech gets a little tricky, but the way passkeys work is that when you set one up with a service, a key is created. The service holds one part of it, and you hold the other. To gain access, you need to combine the two. This process of creating and combining the keys happens in the background, without you needing to do anything beyond giving permission to use the passkey.

When they’re properly implemented by the service, passkeys are great. They’re secure, easy to use, and it’s tempting to think they will replace passwords and passphrases. Much the same goes for fingerprint scans and hardware keys. They do away with a lot of the hassle associated with authentication. However, dig a little deeper and you’ll see there’s still a case to be made for doing things the old-fashioned way.

Issues with passwordless login

Most forms of passwordless authentication have some kind of issue stopping them from being a one-size-fits-all solution in the same way that passwords are. A good example is biometric login, which works great most of the time, but fails the moment your scanner breaks. This is one reason why you always set up a password or PIN before you scan a fingerprint; the more reliable tech acts as backup.

Much the same goes for hardware keys: They work extremely well, but the moment you lose the key, you may be permanently locked out of your accounts unless you have a recovery password in place. As a result, hardware keys are mostly used for two-factor authentication, when you need a second method on top of a password to prove your identity.

Passkey problems

Passkeys also have some issues that prevent them from becoming the default. Here is a breakdown.

Not supported on most websites and apps

First off, as a relatively new technology, passkeys aren’t supported by all sites and apps. While implementation is accelerating, passkey fans right now will often come away disappointed when trying to use passkey authentication. This situation will change, but we predict it will take years, mainly due to the tech being tough to implement.

Some issues with browsers

While most major browsers (Google Chrome, Mozilla Firefox, Microsoft Edge) support passkeys, many smaller players don’t as yet, or only in a limited fashion. If you use Opera, Brave, or something even more exotic, passkeys aren’t a great option for you.

Cross-platform support issues

There are also issues when using passkeys between platforms. For example, if you use a passkey created on an Apple device, you have to jump through some hoops to make it work with your Google account, locking you out until you use your password to authenticate. 

Only works on the latest operating systems

Since passkeys are new, that also means any tech you use them on needs to be new. For example, only iPhones running iOS 17 and Android 14 devices support passkeys, and even then there are issues. If you’re using older hardware and software, passkeys simply will not work.

Why Proton isn’t abandoning passwords

As a result, as much as we like passkeys for their speed and convenience, here at Proton we don’t believe that passwordless is the only future. Instead, passwords and passkeys will coexist, with some accounts accessible with a passkey and others using a combination of passwords and 2FA.

Because of this, we’ve developed our password manager, Proton Pass, to support passkeys alongside passwords, not instead of them. This isn’t just out of pragmatism, either: As a company that puts our community first, we give you the freedom to choose how best to secure your data for your accounts.

As a company that makes its money purely from subscriptions — no shareholders, no venture capital — we must prioritize your interests. We do this by making sure not only that you’re secure, but that you can choose how that looks for you. If you like the speed and convenience of passkeys, you may use them across all platforms that support it. If you prefer having 2FA for all your accounts, you can do that, too.

If you want to try a password manager that’s not just on the cutting edge but also lets you decide how close you get to the blade, Proton Pass has a free plan that lets you use almost all its features without spending a penny. What better way to get to know the not-quite passwordless future?

Protect your passwords
Skapa ett gratis konto

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.