Skip to Content

Is the Password on its Way Out?

November 19, 2014

After high-profile hacks and thefts, online services and device manufacturers are warming to technologies, such as fingerprint sensors or voice recognition software, that can improve security by accompanying or replacing passwords. To streamline the effort, authentication technology providers are working toward a common standard for implementing these password alternatives. Here are some of the ways these technologies will reach everyday Internet users.

FIDO Frameworks

A group of six companies came together in July 2012 with the goal of creating a standard for such password alternatives as fingerprints. They formed the Fast Identity Online Alliance (FIDO), a consortium that now has more than 100 members, including Alibaba, Google, Microsoft, Visa, and MasterCard. It is developing two approaches to authenticating users. Both involve storing identifying information on a physical device rather than on servers, which hackers can attack to download thousands of records en masse. The idea is to make large-scale password breaches impossible. Authentication technology provider Nok Nok Labs explains the basic concept in this video.

One framework, known as the Universal Authentication Framework (UAF), allows for user experiences that do not require traditional alphanumeric passwords at all. If an online service requests authentication to perform a function such as a money transfer, a person would need to provide biometric information like a fingerprint on his or her device before the transaction could go through. UAF can be strengthened further by combining a biometric with another factor, like a PIN number.

The other one, Universal Second Factor (U2F), does not eliminate passwords, but instead bolsters them by requiring people logging in to a service to prove their identity with a unique physical device that only they can access. They would log in with their typical username and password, but then the website would ask them to present this second form of authentication, such as by pressing a USB device or by tapping it against the near field communication (NFC) tag on their smartphone.

More information on how these frameworks generally work is available here.

Google Security Key

Google has introduced a new physical device based on one of the FIDO frameworks to add a layer of security when its users are logging into their Google accounts through its Chrome browser. To use it, people would buy the physical key and insert it into their computer’s USB port. When logging into Google’s services with their normal password, the site would prompt them to tap the key. Already, Google has a version of this “two-factor authentication”: it asks people to enter a six-digit PIN code that Google sends them via text message. But this physical key is safer than these one-time passcodes because it uses cryptography that can work only with legitimate websites, Google says.

Fingerprint Sensor

Nok Nok Labs, a founding member of the FIDO Alliance, developed the technology for the fingerprint sensor on the Samsung Galaxy S5—the first smartphone to meet the group’s standards. The sensor can be used to unlock the device or to access other services, like PayPal’s mobile app and Alipay, Alibaba’s payment tool for Chinese users.

Voice Authentication

Agnitio first started developing voice authentication technology a decade ago to help Spanish police look for criminals based on their voices. Now the company expects to supply its software to devices coming out next year. When the software is downloaded on wearable or mobile devices, a person would speak into the microphone and the device would see whether it matches his or her “voiceprint,” a digital file that contains the characteristics of a person’s voice. Call centers use Agnitio’s technology to protect fraud by identifying people based on their voices, and the software verifies the voices of seven million people in South Africa who call a number to prove they are alive in order to receive their pension checks.

Apple Fingerprints

Apple is not a FIDO Alliance member, but it has already deployed fingerprint sensors on the iPhone 5s and 6 that can be used in many instances instead of a four-digit passcode. In October, the company announced that iPhone 6 users can make payments just by touching the fingerprint sensor and placing the device’s near-field communication antenna near a reader at a store checkout counter. This service, Apple Pay, is designed to be secure because credit card numbers are never sent to or from a store. Instead, the merchant receives an encrypted confirmation from a payment processor such as Visa.

Password Stand-in

Dashlane lets you forget all your passwords—though it doesn’t eliminate them from the Web experience. Instead, this startup creates a super-safe password (one that is unique and hard to guess) for each online service a person uses—and Dashlane automatically enters them rather than the user. The user does this by logging into to Dashlane’s desktop client or mobile app, where it stores the user’s passwords with a military-grade encryption algorithm. These passwords can be decrypted only with a master key that is chosen by the user and never stored on Dashlane’s servers.

The Takeaway:

FIDO Alliance’s technologies could eliminate the use of passwords altogether, but a gradual decrease in the reliance on passwords appears to be the more likely scenario in the next few years. In addition to the FIDO members and Apple, many other startups are bringing their own flavors of authentication software to the market.

Do you have a big question? Send suggestions to

Deep Dive


Five poems about the mind

DREAM VENDING MACHINE I feed it coins and watch the spring coil back,the clunk of a vacuum-packed, foil-wrappeddream dropping into the tray. It dispenses all kinds of dreams—bad dreams, good dreams,short nightmares to stave off worse ones, recurring dreams with a teacake marshmallow center.Hardboiled caramel dreams to tuck in your cheek,a bag of orange dreams…

Work reinvented: Tech will drive the office evolution

As organizations navigate a new world of hybrid work, tech innovation will be crucial for employee connection and collaboration.

lucid dreaming concept
lucid dreaming concept

I taught myself to lucid dream. You can too.

We still don’t know much about the experience of being aware that you’re dreaming—but a few researchers think it could help us find out more about how the brain works.

panpsychism concept
panpsychism concept

Is everything in the world a little bit conscious?

The idea that consciousness is widespread is attractive to many for intellectual and, perhaps, also emotional
reasons. But can it be tested? Surprisingly, perhaps it can.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.