Why We Need to Get Rid of Passwords with Passage’s Nick Hodges

Passwords have been around since the 1960s and as a means to keep someone out of a non-connected terminal, they were relatively secure. The scale of a compromised system was relatively low. But the world has changed drastically in that time. Every computer is connected to a massive network of other computers. The impact scale of a compromised password is multiple times more problematic than it was even 30 years ago, yet we continue to rely on passwords as a security means to protect account information.

Security means like longer passwords, more complicated schemes, no dictionary words, and even two-factor authentication have had limited success with stopping hacks. Additionally, each of these requirements adds friction to a user accomplishing their task, whether that's to buy a product, communicate with friends, or login to critical systems.

WebAuthN is a standard protocol for supporting passwordless authentication based on a combination of a user identifier and biometrics. Consumers can simply login via their email and using their thumb print on their phone or relying on facial recognition on their device. Passwordless authentication not only reduces frictions for users, but it removes a massive security vulnerability, the password.

Nick Hodges, Developer Advocate at Passage, joins the show to share his knowledge and expertise about the security issues with traditional passwords, how passwordless works and addresses historical security issues, and how Passage.id can be used to quickly create a passwordless authentication systems for your product.

Topics:

• What’s the problem with passwords?
• Why have passwords stuck along so long?
• What’s it mean to go passwordless?
• What is a passkey and how do they work?
• How does the privacy and security of a passkey compare to a standard password?
• A Passkey is stored within the Trusted Platform Module of a phone. What happens if someone steals my phone?
• What happens if I upgrade my device? Do my passkeys come with me?
• What are the potential security risks or limitations of passkey based login?
• What if I don’t have my phone? Can I still login?
• Can you share an account with someone else? How does that work?
• When a business switches over to using a passkey approach, what’s the reaction from their customers?
• Is there a big educational challenge to convince companies to ditch passwords?
• Why is a passkey approach to login not more widely adopted? What’s stopping mainstream use?
• What is Passage and how is helping businesses go passwordless?
• Who’s your typical customer? Startups just building their auth system or are people replacing existing systems for this approach?
• What’s it take to get started? How hard would it be for me to rip out my existing authentication and adopt Passage?
• What are your thoughts on the future of passwords and password security? How far away are we from completely getting rid of passwords?
• What’s next for Passage? Anything on the future roadmap that you can share?

Resources:

• Passage
• Passage Demo
• Connect with Nick