Among the most interesting challenges that the IT sector will have to face in the coming years, a special mention certainly goes to moving beyond the password and the CAPTCHA. Suffice it to say that a consolidated IT multinational of the caliber of Microsoft has recently tried, with Windows 11, to let users authenticate without a password. As things stand, the main obstacle is that users are required to log in every day: to several e-mail accounts, social networks, a bank account or other financial services, online services and so on. In short, there are numerous passwords to keep in mind. The problem is that memory is fallible, so we tend to choose relatively simple, and consequently not very secure, passwords. In other cases a single password is reused across multiple services, to avoid wasting too much time at each login.

Two-factor authentication

Unfortunately, two-factor authentication did not have the desired effect: in theory it was supposed to raise the general level of security, but in practice it introduced various difficulties at login. The result? Longer times to access services. This is why, in the coming years, access to services will have to become even simpler: passwordless systems will have to make access both easier and more secure.

Overcoming the password: between past attempts that have failed and future challenges

The intention to go beyond the concept of the password has been evident for several years, given that several attempts have already been made: for example, sending e-mails containing authentication links, which proved not very reliable, since many such e-mails are blocked by providers and never reach their destination. This has helped delay the advent of a passwordless system, which should not depend on external services. To safeguard the privacy of those who surf the web, at the moment a strong password, consisting of upper- and lower-case letters, numbers and special symbols, is the wisest choice, even if its main cost is that it is hard to remember. However, it is possible to go further. Passwordless solutions, which are not exactly recent technologies, are a particularly good example in this regard.

Passwordless authentication: here is a brief explanation of how it works

As for the operating logic of passwordless authentication, start from the assumption that two elements are decisive for the success of the process. On the one hand there is a public component, centered on the systems that grant access to the service where you want to authenticate; in this case, this credential is provided during registration, usually together with a username. On the other hand there is the private element: to complete the authentication process, a physical device, delivered to the user, is strictly required.

A classic example is the hardware token, capable of generating temporary codes, or the fingerprint reader. The same goes for voice recognition or for scanning the retina with a smartphone: the user is identified on the basis of unique traits. In the coming years, the user will be able to authenticate by entering the public component on the web page of the service they wish to access, and only then complete the operation by providing the private component to the remote service. A classic example will revolve around the smartphone, to which a notification with a confirmation request will be sent in order to authenticate. Similarly, another example will be the use of dedicated mobile apps that generate a temporary code to be typed into the web page.

What are the real advantages of a passwordless system?

Opting for a passwordless system brings several advantages. First, if the system is breached, the access credentials of its users do not end up in the hands of attackers.

Another positive aspect for users is that they are not required to memorize passwords. Organizations also benefit considerably when they adopt a passwordless system: the problem of theft and loss of sensitive data is drastically reduced, the related workload decreases significantly, and productivity increases.

The Microsoft case

As already mentioned, even a multinational such as Microsoft is continuing to invest more and more in the passwordless world. The basic intent is to give the user more ways to log in, even with just a smartphone, a device that, among other things, allows personal identification.

With Windows 10, the Redmond giant had begun to integrate new technologies to support passwordless solutions, providing the user with a series of apps that simply had to be installed on the device. In this way, the opportunities offered by the TPM (Trusted Platform Module) were fully exploited: a platform capable of managing encryption keys to protect sensitive information and data efficiently. Thanks to passwordless technologies, therefore, access is both more secure and simpler. For companies, there are reliable partners able to provide particularly efficient software on the subject.

What to say in reference to CAPTCHAs?

A very important aspect concerns the CAPTCHA universe, that is, the mechanisms that verify that whoever is accessing a given service is a person and not a bot. Based on solving a puzzle, recognizing photos or entering numbers, CAPTCHAs are increasingly common these days. However, many people who surf online consider them a real nuisance, as they waste time when accessing a service.

How to get around CAPTCHAs? Cloudflare offers a valid solution

Experts point out that solving CAPTCHAs is not easy at all: taking into account all the users who encounter them, the time spent getting past them every day amounts to 500 years.

To bypass the problem, Cloudflare had a brilliant idea: replace them with FIDO2 keys, with which individuals can prove they are not bots. The beauty is that users' privacy is protected, as they are not required to reveal their identity. A dedicated security module is built into the FIDO2 key, containing a unique secret signed by the device manufacturer.

The purpose of this module is to demonstrate that the user is the owner of that specific secret, without revealing it. As an alternative to CAPTCHAs, the system developed by Cloudflare will still take some time to reach the market. However, the preconditions for circumventing CAPTCHAs are beginning to take root; in a few years the fruits of this work will be harvested.
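To make the two mechanisms described above concrete (a manufacturer-signed secret, and proving possession of it without sending it), here is an added example written for this article; it is not Cloudflare's code nor any FIDO2 vendor's. It models the manufacturer's attestation as a Schnorr signature over the device's public key and the visit-time check as a Schnorr identification protocol: the service sends a fresh random challenge, the key answers with a value that only the holder of the secret can compute, and the secret itself never leaves the Authenticator object. The Manufacturer/Authenticator/RelyingParty roles, the keys and the small safe-prime group the script generates at start-up are all constructed for the demonstration; a real FIDO2 key uses elliptic-curve signatures and an X.509 attestation certificate chain instead.

```python
import hashlib
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases (enough for demo-sized numbers)."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64):
    """Constructed toy group: a safe prime P = 2Q + 1 and G = 4, a quadratic residue and
    therefore a generator of the prime-order-Q subgroup. 64 bits keeps the demo fast;
    it is far too small for real use, where 2048-bit groups or elliptic curves are used."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = make_group()


def _hash_to_scalar(*parts) -> int:
    """Fiat-Shamir hash of the parts, reduced into the scalar range [0, Q)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def keygen():
    """Return (private x, public y = G^x mod P)."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def sign(x: int, message: int):
    """Schnorr signature (e, s): a non-interactive proof of knowledge of x over `message`."""
    k = 1 + secrets.randbelow(Q - 1)
    e = _hash_to_scalar(pow(G, k, P), message)
    return e, (k + e * x) % Q


def verify(y: int, message: int, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, -e, P) % P  # equals G^k only if s was built from y's secret
    return _hash_to_scalar(r, message) == e


class Authenticator:
    """The security key. Its secret _x is generated inside and never returned."""

    def __init__(self, manufacturer_private_key: int):
        self._x, self.public_key = keygen()
        # at production time the manufacturer signs the device's public key
        self.attestation = sign(manufacturer_private_key, self.public_key)
        self._k = None

    def commit(self) -> int:
        self._k = 1 + secrets.randbelow(Q - 1)  # fresh nonce per authentication
        return pow(G, self._k, P)

    def respond(self, challenge: int) -> int:
        s, self._k = (self._k + challenge * self._x) % Q, None  # nonce is single-use
        return s


class RelyingParty:
    """The web service: it stores only the manufacturer's public key as a trust anchor."""

    def __init__(self, manufacturer_public_key: int):
        self.trusted = manufacturer_public_key

    def authenticate(self, claimed_public_key: int, attestation, prover) -> bool:
        if not verify(self.trusted, claimed_public_key, attestation):
            return False  # the key was not signed by a manufacturer we trust
        r = prover.commit()
        c = 1 + secrets.randbelow(Q - 1)  # random challenge: old transcripts are useless
        s = prover.respond(c)
        return pow(G, s, P) == r * pow(claimed_public_key, c, P) % P


def run_demo() -> dict:
    mfr_x, mfr_y = keygen()
    rp = RelyingParty(mfr_y)
    device = Authenticator(mfr_x)
    imposter = Authenticator(mfr_x)  # genuinely attested, but holds a different secret
    rogue_x, _ = keygen()            # a "manufacturer" the service has never heard of
    unattested = Authenticator(rogue_x)
    return {
        "genuine": rp.authenticate(device.public_key, device.attestation, device),
        "wrong_secret": rp.authenticate(device.public_key, device.attestation, imposter),
        "unattested": rp.authenticate(unattested.public_key, unattested.attestation, unattested),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two properties of the exchange are worth checking in the code: the service learns the device's public key and the manufacturer's signature, but nothing that identifies the person (which is the privacy point the article makes), and because the challenge is random, an observer who records a successful transcript cannot reuse it, since the next challenge will differ.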

Author: Loris Modena

SENIOR DEVELOPER

Per. Ind. Loris Modena, owner of Arte e Informatica, began working in the IT sector in 1989 as a systems engineer responsible for the maintenance and installation of IT systems. He started programming for the web in 1997, dealing with CGI programming in Perl and then moving on to PHP and JavaScript. In this period he approached the open-source world and the management of Linux servers.