Should You Say Goodbye to Passwords in 2023?

Passwords are a fact of life whenever you need to access your online banking portal, shop on an e-commerce site, or check your social media feeds. However, more companies allow us to prove our identities without passwords. Should you take that approach?

Some Websites Don't Require a Password

Passwords are not the only ways to access accounts. That’s the main concept behind multiple-factor authentication, more commonly known as multifactor authentication. The most widely used multifactor authentication definition is that it relies on a piece of information you have. In contrast, a password is a piece of information you know.

A site may text a single-use numerical code to your phone, letting you use that to prove your identity. Many people also use their fingerprints to reach their device’s home screens rather than typing in passwords.

Some websites let users reduce the number of passwords to remember. That’s the case with email and social sign-in options. You still must enter one password, but there’s no need to create a new one if the site allows signing in with credentials used elsewhere.

The purpose of multifactor authentication is to make it harder for criminals to get unauthorized account access. It does that, but it isn’t a perfect solution. Consider an example where someone steals your phone and figures out your email based on auto-fill details stored in the device. They could then access various sites with the email address and see the multifactor authentication codes coming through your stolen phone.

Many People Want a Password-Free Future

Many websites and companies still require people to use passwords. However, data from a 2023 PYMNTS study indicated only 24.7% of people chose passwords as their preferred authentication study when accessing online banking portals. However, 51.7% of respondents have used and preferred authenticating with biometrics.

Bitwarden’s October 2022 study revealed how 66% of IT decision-makers have one to two user groups or multiple teams using passwordless options. About 13% had deployed those possibilities throughout their whole organizations.

Globalization Partners published an overview of security risks associated with remote work and cited statistics published elsewhere, including that 55% of workers under 30 make more mistakes while working from home. However, remote employees may find it easier to stay focused and reduce errors if they no longer need to remember passwords.

What's So Bad About Passwords?

Passwords are widely used but aren’t always the most secure option. Consider how a November 2022 report from Microsoft found a 74% increase in the estimated number of password attacks per second over the last year.

Some sites have password-setting instructions or assess the strength of a password someone inputs. You might think that would help people have better password hygiene, but not necessarily. Princeton University researchers examined the password policies for 120 of the world’s most popular English-language websites. The results showed only 15 followed best practices.

Plus, many people reuse passwords. They may conclude doing that helps them remember them, or they may use the same one out of spite when a service or employer requires periodic credential changes. However, using the same password can give a hacker that steals it access to multiple accounts.

When Security.org released its most recent annual password management study, it showed 25% of people store passwords in digital-note apps on their devices. Another quarter of respondents said they store passwords in their browsers. However, issues with these methods most notably arise when devices are stolen.

Passwordless Logins Aren't Yet Universal

If you’re ready to start accessing sites without passwords, that’s great. However, many sites don’t offer the option yet. Microsoft emerged as a leader among big tech companies when it made passwordless logins available in 2021. You have to set up a Microsoft app first, though.

A handy site called 2FA Directory shows there’s a long way to go for companies to even offer multifactor authentication as a login option. Language-learning app Duolingo, streaming sites HBO Max and Disney+, and food delivery provider Deliveroo are some of the many popular brands not yet offering multifactor authentication.

Asking them to allow logging in without a password is an even bigger step. Indeed, some multifactor authentication options are password-free. Many still require typing in a password or code at some point, though.

The good news is that both Apple and Google followed Microsoft by allowing passwordless logins for some interactions. Hopefully, that’ll mean more sites realize passwords are on the way out, and many people would like more-convenient options.

hand holding privacy security lock with code background

If you’ve ever assisted non-tech-savvy people with basic internet tasks, you probably know how even helping them set passwords poses challenges. Individuals already overwhelmed by technology may not be interested in logging in with a method other than a password. Even if you tell them about passwords’ security shortcomings, many would rather stick with what they know, especially if they only use the internet occasionally.

Think about how many separate tools and platforms you use during a typical workday. It could take years before you can access all of them without passwords. Some providers may never offer that possibility. An October 2022 survey from Secret Double Octopus found only 16% of organizations use multifactor authentication for all logins.

Your workplace might allow passwordless logins for your email and the company’s project management software. How much does that matter if you still need passwords for several other tools or sites used in your daily workflow?

Logging in without a password could make account recoveries more difficult after suspected or known hacks. Now, you change the password after being alerted about suspicious account activities. However, that’s not an option when the password is no longer a necessary credential.

Are You Ready to Progress Beyond Passwords?

Password-free logins undoubtedly have potential, and many people are eager to prove their identities without them. However, this is not a widely available option yet. 2023 may not be the year you go without passwords, despite the best efforts.

A practical compromise is to start using passwordless options on all sites you use that offer them. That’ll get you in the habit of going without passwords when you can. That change should feel more manageable if you make a full transition later.