Passwords are likely to see a material decline within a decade, as more modern forms of protection for businesses and individuals emerge, according to Ollie Whitehouse, CTO of the UK National Cyber Security Centre (NCSC).
Talking at Tech World 2024 in London on 7 March, Whitehouse said it is clear that passwords need to be discontinued because they are not a sustainable means of authentication.
Go deeper with GlobalData
“Humans have been shown to be very suggestible to work around pretty much every technical security control that we can imagine,” Whitehouse said.
“I would suggest that we will start to see the material decline of passwords probably somewhere in the eight to 10 year, with increasing noise around viable solutions over the next two to five,” he added.
The NCSC CTO explained that passkeys could be the modern answer to passwords but noted that it would take some time before they became widespread.
Whitehouse predicted that the industry would reach an inflection point within the decade. Email providers will continue to use them by default, he said, but there will be a long tail in how they are proliferated across banking and other ancillary services.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalData“[Passkeys are] effectively identity tied to a device in your possession which you’re authenticating,” Whitehouse said. “Rather than the need for the kind of the running code on your phone, it is your phone, or it is the, you know, the hardware token of some kind.”
Apple has been key in spearheading the transition to a ‘passwordless’ world. In 2021, the iPhone maker announced Passkeys in iCloud Keychain, which lets users create accounts without a text password.
The technology is based on web authentication and replaces a text password with Face ID, Touch ID, or a security key that is synced across Apple devices using iCloud.
David Bicknell, principal analyst at research and analysis company GlobalData, told Verdict that he agreed with Whitehouse that passwords are unsustainable as a form of authentication. However, he believes that explaining the alternative to people may be difficult.
“Everyone knows what a password is, even if they have a tendency to forget them,” Bicknell said. “How do you explain a passkey? The terminology – and the process – to replace passwords must be easy to understand, for all generations.”
Whitehouse explained that despite technology clearly moving away from passwords, the industry is still figuring out how seamless authentication can be without them. However, passkeys certainly won’t be as seamless as passwords, “when you can call them after your cat,” Whitehouse said.
