3 Sep 2022

From Passwords to Passwordless Security

By Tyrone Showers
Co-Founder Taliferro


I've been involved in cybersecurity for over 15 years. In that time, I have seen many changes in how we use passwords, two-factor authentication, and security questions. The good news is that there has been a shift towards using more secure authentication methods. The bad news is that we still haven't solved the problem of passwords being the weakest link in most security systems.

What's wrong with passwords

Passwords are not a secure way to authenticate. They're easy to guess and hard to remember, and you must keep up with them for every website you use. Passwords can be stolen in various ways, including phishing attacks or simply copying them from your browser history when you leave your computer unattended. Passwords are just too darned inconvenient. We need something better than passwords — but what?

2-factor authentication is a pain

And it should be; it's meant to keep your information safe from hackers. You're probably familiar with the process: you enter your password and then get a code texted to your phone that you must enter for your account to be unlocked. That's two factors, hence "2-factor" authentication. It's an extra layer of protection, so hackers can't get into your accounts without both pieces of information—your password and the code sent to your phone—which is excellent. But this additional security means more work for everyone else too.

Entering the code takes time and effort whenever someone wants to access their account. This can be tedious during brief sessions at work or school when we all want fast access to get back to what matters (like this article).

Getting the code on all our devices isn't always easy. Sometimes we don't even realize there are multiple devices until after someone has already stolen our identity. The thief creates new identities under their name instead of ours through clever trickery involving social media profiles or email addresses that were switched before anyone noticed anything suspicious.

Security questions are (not) the solution

We've all been there: you're at a new site, and they ask you to create a password. It's okay, though—they say they'll save it for you so that you don't have to remember it. Then, after entering your email address and setting up a secure password (hopefully), they say: "That's great! Now we just need to verify that this is really your account by asking some security questions." You're okay with this because you probably know the answers anyway. The only problem is that these questions are actually not secure; in fact, if someone wanted access to your account enough, they could guess the answer from knowing just a few facts about you (e.g., the name of your favorite band or song).

Security questions were designed with good intentions: give users control over their accounts by keeping them safe with something other than passwords alone, and make sure everyone has an equal chance at access through these verifications instead of requiring everyone to use strong passwords themselves. But as we've seen above with our examples ("What city were you born in?"), there are several flaws within this design which make them much less effective than intended when it comes to protecting user accounts from hackers and bots looking for easy targets.

The future of authentication

Passwordless authentication is an essential part of the future of authentication. Passwordless authentication is more secure than traditional two-factor authentication because it's based on a single factor: you.

2FA has been around for years, and while it's been helpful in protecting your accounts, passwordless authentication offers something that 2FA can't: convenience. If you use the same password across all your accounts, they are all vulnerable if that one account is compromised by hackers.

Passwordless authentication removes this risk by using a token instead of a password alone and by tying it to your fingerprint or face scan, so you no longer have to enter something static, like characters, into your device each time you want access to an account or service. The future of security will be based on these kinds of technologies, which are not only easier for users but also more secure than anything else currently available.


Passwordless authentication is the future.

It's easy to use, saves time, and is more secure than traditional methods. It's easy for everyone involved—and it will save us all a lot of headaches in the long run.


The bottom line is that we're at a point where the need for secure authentication is more urgent than ever. With more and more of our data being stolen daily, using weak passwords that can be easily guessed or brute-forced is no longer an option.
