August 12, 2022

The days of legacy password authentication are numbered

Since the dawn of the internet age, anyone who has gone online has put together a combination of numbers, letters, and symbols to create a password. When a user types the correct password, they are then “verified” as the owner of this digital identity. As the number of online services has increased, so has the number of online accounts a single person has, and with that the number of solutions to help consumers manage all of those accounts.

Businesses are equally afraid of data theft, especially with the boom in remote work following the pandemic. According to figures from Statista, the password management market will reach a valuation of $3 billion by 2025, demonstrating the abundant opportunities the sector holds.   

The legacy passwords that we’ve been using for the last three decades not only fail to meet today’s security standards and the needs of online users, but are in fact the source of most current data security problems, with over 80% of data breaches occurring due to overly simple passwords.

With so many online services available, account-centric solutions have become a widely adopted alternative to passwords. For example, the SSO (Single Sign-On) services provided by internet giants like Facebook allow users to log in to third-party services using their Facebook account. Besides being more convenient, SSO indeed increases the level of security for the password attached to the original user account. However, it also increases risk for those centralized tech giants that are managing a vast database of user IDs, accounts, and passwords. In 2018, a data breach in Facebook’s SSO system led to the leaking of nearly 50 million user accounts.

In light of these problems, many major companies are experimenting with non-traditional means of verifying user identities that could eliminate the need for centralized account and password databases. 

Take Apple’s recently announced Passkey feature for example – the company proposes that it can now use biometric interfaces like Touch ID and Face ID to create a set of private keys stored on a user’s device and synced to different devices through iCloud. The key that would be used to log in to different accounts would not be accessible to anyone else, not even Apple.

Other common passwordless authentication methods include Magic Link, One-Time Password (OTP), and push authentication apps like Google Authenticator.

These kinds of digital identity authentication models will form the underlying architecture of today’s digital era. They won’t just enhance the user experience, but also dramatically reduce the risks of phishing or password database breaches.

Tech giants Apple, Microsoft, and Google have already announced their support for the FIDO Alliance Open Authentication Standards. However, the challenge of enabling cross-ecosystem authentication – such as using Apple’s Passkey for a Windows OS – still looms large. 

Digital identity verification also forms a big pain point for users of decentralized applications. When users have to change previous account information into digital wallets, private keys, and mnemonic phrases, it only creates more information to manage. That’s on top of all of the pre-existing complexities resulting from competing schools of thought in the blockchain ecosystem. New blockchain service users must first figure out the registration methods of different digital wallets and note down a different set of mnemonic phrases and private keys for each one. Due to the difficulty, many users get cold feet and drop out at this stage, resulting in high user churn rates and slowing the adoption of blockchain technologies.

Thankfully, we are seeing some solutions to these problems appearing. In 2020, Cherubic Ventures invested in blockchain startup Magic, whose products integrate passwordless authentication with blockchain technology to provide users with a seamless registration experience on over 20 public blockchains. Users only need an email or social media account to log in and use blockchain services, greatly lowering the barrier to entry. Over twelve million people across the world are currently using Magic’s identity verification and user login products.

As the number of online accounts we each have grows, we can expect the demand for identity authentication and password management solutions to increase in step. Through the efforts of both the tech giants and startups, I think we might finally be ready to leave the days of being locked out of our accounts due to a forgotten password behind us. We’ll finally be able to reserve our all too precious brain space for more important things!
