Australian technology news, reviews, and guides to help you

Is there such a thing as a password-less password?

Whether you call it a PIN or a password, the idea of a password hasn’t changed, and you still need to memorise a bunch of codes. Or has it?

With World Password Day having only recently passed, we wouldn’t blame you if you’d checked your passwords and wondered if perhaps there was a different way of doing things.

We all have so many passwords, and while we hope your passwords aren’t quite as bad as the worst passwords announced each year, sometimes it can be hard to collect all of them together, or even to come up with ciphers that make your passwords truly memorable.

While the idea is often to have a password manager do the job for you, unless you’re a security expert or someone passionate about technology, there’s a good chance you’re scribbling your passwords down in a written book somewhere, and often trying to make heads or tails of your own writing, and whether you meant to write a one, an L, an O, or even a zero.

That might lead you to another question, because if password collections feel like a bit of a problem, that’s because they might be. However, there might be such a thing as a password-less password.

What else can be a password?

With all the services we have these days, it’s worth noting that we’re not moving away from the idea of passwords anytime soon, and lots of things can act as a password.

You’ll know this all too well if you own a recent phone, because almost every phone out there made in the last three years supports a form of biometric security. Biometric passwords are passwords that use a part of your body for authentication, such as your face or your finger, and there have even been eye scanners in some phones, too.

Every time you pay for something using an iPhone XR or iPhone 12 (or pretty much any iPhone without the home button), you’re unlocking your phone and payment option using Face ID, which, like the facial security on Android devices, uses your image to unlock the device. When you use the Touch ID on an iPhone 8, an iPhone SE, a Google Pixel 5, or any number of the phones with a fingerprint sensor, you’re using the image of your fingerprint to do the same.

Biometric security can act as a password for your devices, even if it sort of sits over another password, often being the PIN to let you unlock your phone.

But password-less passwords can be something else: they might even be a piece of hardware in your life.

Passwords on a stick

Yubikey password security stick

While you might be carrying less hardware than usual these days, you still probably have keys. And on those keys might be a car key fob, or even a USB stick, still.

Even though the latter of these is a little rare, one option for a password-less world is to carry a password stick with all your passwords on it. Depending on the device you need to plug it into, you can either use a USB version or a wireless tap model that uses the same Near-Field Communication technology as mobile payment solutions to have a password make its way from stick to phone.

Also called a “security key”, it’s a concept used by large businesses, and essentially provides a password-less system that still has the passwords on it, but plugs in and taps to devices so you don’t need to type anything in. Companies that make these include Google, Yubico, Kensington, and others.

“People tend to forget passwords or have so many to remember that they use the same insecure simple password for everything,” said Geoff Schomburgk, Vice President of Yubico in Australia and New Zealand.

“All you need to do is touch the YubiKey or tap it on your phone for the NFC version to log in, so it is much easier than typing in a password,” he said.

Password-less passwords might even be your phone

However, instead of a password, your next way of logging in might even be your phone, which is something Google, among others, has engaged with.

Using two-step authentication, you may still need your password, but can also rely on your phone to prompt you when someone is logging in. This could happen with a text message or email sending you a code, or with you using a special authentication app with its own code, but it essentially makes it harder for someone to break into your account if your password makes its way into the open.

Bring it together with multi-factor

Once you understand two-step authentication, you can bring it all together with multi-factor authentication, which means more than two methods of authentication to log in to a service. Known as 2FA for “two-factor authentication”, 3FA for “three-factor authentication”, or just plain MFA for “multi-factor authentication”, it means having several methods of login checks to make sure there’s a semblance of security as you log in.

Think of typing in your password, and then needing to check your email and phone for authentication to log in and use that account. It’s the sort of thing that you’ll likely apply to services of high security, or even just so you can tie them down to an app on your phone during the first install, so it doesn’t need to happen again.

Essentially, you’re just doing what you can to make sure your devices are connected to your accounts in the most secure ways possible.
