    How to prepare for a world without passwords

    Businesses are spending billions of dollars each year on cybersecurity solutions, but we’re still seeing a steady increase in security breaches. We hear about high-profile cases, but for every breach that makes headlines, countless others are just as devastating for businesses at every growth stage.

    Why are we seeing this increase? The answer is simple — no matter how strong your security infrastructure, most breaches today stem from the same culprit: Compromised login credentials. The password — the very tool that was designed to guard against cybercriminals — is fundamentally flawed because it relies on human behavior for its efficacy. 

    There is good news, however. Recent industry developments show promise in addressing this “password problem” with a new type of login that can replace passwords — the weakest link in the cyber defense chain — with unphishable and frictionless passkeys.

    Cybersecurity has been an issue for a long time in tech — a constant concern over the last 30 years of my career at companies like IBM and HubSpot. This milestone is an opportunity to refocus on the basics of cybersecurity and address how the risk of not investing in this area will impact organizations, regardless of industry or stage of growth. Extending far beyond the dollar cost of a hack, a breach can lead to costly penalties, a tarnished brand, low employee morale, and possibly a damaged executive reputation.

    The next wave of authentication technology is upon us. To prepare yourself and your workplace, here are three things to keep in mind.

    Think passwordless today for passkeys tomorrow

    As the CEO of a security company, I am a little more aware of password hygiene now than the average person — but I have to admit that I’ve fallen into bad behavior in the past.

    Growing up in Louisiana as a huge football fan, I remember setting up my first password and wanting to pick “LSU.” Sadly, the service required at least six characters (shamefully too few, I now know), so I went with “ELESHU” instead. I don’t use that one anymore, but as humans, we’re still too often tempted by shortcuts that expose our companies and ourselves to security risks. As a result, hackers have identified this type of behavior as their most promising attack vector, and we’ve seen tremendous growth in phishing incidents to steal user credentials.

    It should come as no surprise, then, that eliminating passwords has always been the goal. So what is a passkey, and why is it different? A passkey is a passwordless credential, where the website and the authenticator are communicating by exchanging keys. These cannot be seen or accessed by humans, removing all human-related risks of password usage.

    You can’t accidentally leave a passkey lying around, and there’s no need to worry about generating unique passwords. Passkeys are based on public-key cryptography, and unlike passwords, they don’t rely on storing shared secrets on servers. Humans can type passwords anywhere (sometimes accidentally on a website like instead of, but passkeys can’t be phished — they are bound to the website they are set up for.
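    The origin binding described above, as an added example that is not part of the original article: a simplified relying-party check of a WebAuthn-style passkey assertion in Node.js. The domain names, the `signAssertion` stand-in for the browser and authenticator, and the result strings are assumptions made for illustration; a real browser also refuses to use a credential on an origin unrelated to its relying-party ID.

```javascript
// Added example: relying-party check of a passkey (WebAuthn-style) assertion.
// All names, origins and the simplified authenticator are constructed for illustration.
const crypto = require('crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the authenticator keeps the private key; the server stores only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const RP_ID = 'shop.example';                 // constructed relying-party ID
const EXPECTED_ORIGIN = 'https://shop.example';

// Simplified authenticator + browser: the browser, not the user, records the origin it is on.
function signAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // authenticatorData = SHA-256(rpId) || flags (0x01 = user present) || 4-byte signature counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01, 0, 0, 0, 1])]);
  const signedBytes = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign('sha256', signedBytes, privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server side: returns 'ok' or the reason the assertion is rejected.
function verifyAssertion(assertion, expectedChallenge) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const signedBytes = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  if (!crypto.verify('sha256', signedBytes, publicKey, signature)) return 'bad signature';
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expectedChallenge) return 'challenge mismatch';
  if (clientData.origin !== EXPECTED_ORIGIN) return 'origin mismatch';
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  return 'ok';
}

function demo() {
  const challenge = crypto.randomBytes(32).toString('base64url');
  const genuine = verifyAssertion(signAssertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge);
  // Same key, same challenge, but the browser was on a look-alike origin (constructed).
  const lookalike = verifyAssertion(signAssertion('https://shop-example.test', RP_ID, challenge), challenge);
  // clientDataJSON altered after signing to claim the real origin: the signature no longer matches.
  const relayed = signAssertion('https://shop-example.test', RP_ID, challenge);
  relayed.clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin: EXPECTED_ORIGIN }));
  const tampered = verifyAssertion(relayed, challenge);
  const replayed = verifyAssertion(signAssertion(EXPECTED_ORIGIN, RP_ID, challenge), 'a-different-challenge');
  return { genuine, lookalike, tampered, replayed };
}

console.log(demo());
```

    Because the signature covers the origin the browser recorded, the server can reject a sign-in that took place on any other site, and nothing it stores (only the public key) can be replayed as a credential.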

    It’s hard to change human behavior, but we can change the way we approach authentication. Only a handful of websites currently support passkey-based authentication, but that doesn’t mean we need to wait around for adoption. Until passkeys become mainstream, you can experience the notion of passwordless authentication through biometrics, or via apps like Discord or WhatsApp using QR codes to allow cross-platform logins.

    Consumers’ behavior will fuel adoption at work

    Next year marks the tenth anniversary of the FIDO Alliance, the industry group that’s been working on this problem. Their initial focus has clearly been on consumer applications, not business applications. That makes sense because our employees are consumers too, and their behavior as they shop and interact online will shape the way they interact at work.

    In general, I think there has been a major shift in business software, including security software — the user experience has to be consumer-grade to drive adoption and the expected broad availability of passkeys for sign-ins to various online services. So while the early evolution of passkey technology is geared toward consumer solutions, there is a rich supply of user problems that passkeys will address for businesses at any stage of growth.

    On average, internet users are juggling more than 200 logins for various accounts — with that, it only takes one wrong click, one convincing phishing email, or one reused password to disassemble an entire organization. The widespread shift to remote work only expanded the number of disparate applications and tools used by teams on a daily basis.

    As our workplaces become more digitized and distributed, the surface area that we leave vulnerable to bad actors grows larger and larger. A phishing-resistant solution like passkeys addresses an obvious and urgent need, and the argument for a wide rollout of this technology has already been proven — Microsoft, Apple, and Google have made their bets, all recently launching passkey solutions.

    Don’t throw away your passwords yet

    A majority of popular websites are planning to deploy passkeys toward the end of 2023, and early adopters like PayPal are already offering passkey support for payment. However, during the transition period between passwords and passkeys, websites (like PayPal) will support both. This hybrid phase is important because the switch won’t happen overnight. Today, even diligent companies enforcing multi-factor authentication (MFA) are falling victim to disruptive attacks. Until passkey technology becomes ubiquitous, a combination of good password hygiene and MFA is still our safest bet.

    During this phase, make sure your organization understands the reasoning behind a move from MFA and passwords (which might have always felt like a pain point) to passkeys — the most secure, easy-to-use, interoperable, and trustworthy way for us to live and work online.

    JD Sherman is an advisor and board member of Dashlane.

