
Cybersecurity experts warn that the shift to stronger authentication is long overdue: weak, reused passwords fuel massive breaches, prompting FIDO Alliance members Microsoft, Google, Apple, Amazon, and TikTok to champion biometric- and PIN-based passkeys over traditional credentials.
Passwords, the long-standing cornerstone of online security, are facing mounting challenges from modern authentication methods such as biometrics, passkeys, and device-based verification. Yet, despite the growing push from technology leaders, many users remain hesitant to make the switch.
In a July blog post, two senior Microsoft executives declared that “the password era is ending,” highlighting the company’s years-long investment in more secure login options. Since May, Microsoft has been enabling password alternatives by default for new accounts, reflecting an industry-wide trend toward stronger digital safeguards.
Other major platforms have adopted similar approaches. OpenAI’s ChatGPT, for example, often requires multi-step verification, such as entering a one-time code sent to a verified email address, before granting access to sensitive content.
Weaknesses of passwords exposed
Cybersecurity experts argue that the shift is overdue. Benoit Grunemwald of ESET notes that many passwords are weak, frequently reused across services, and easily cracked—sometimes in mere seconds—by sophisticated attackers. Compounding the problem, stolen credentials often surface in large-scale data breaches. In June, researchers from Cybernews uncovered a staggering database containing 16 billion compromised login records.
To address these risks, global tech giants have united under the Fast Identity Online Alliance (FIDO), a consortium including Microsoft, Google, Apple, Amazon, and TikTok. The group advocates for “passkeys”—digital credentials stored on trusted devices that use biometrics or PINs for authentication, eliminating the need for traditional passwords.
Passkeys promise security, but adoption lags
Cybersecurity researcher Troy Hunt, creator of Have I Been Pwned, says passkeys significantly reduce phishing risks because they cannot be shared with fraudulent sites. However, he cautions that predictions of a “password-free” world have been made for over a decade without materializing. “We have more passwords today than we ever did before,” Hunt remarked.
One major obstacle is user adoption. Many websites still rely on simple username-password logins, and passkey systems require initial setup on a device. Recovery procedures—such as regaining access after losing a phone—can also be more complex than a standard password reset.
“The reason passwords persist is that everyone knows how to use them,” Hunt added.
Grunemwald warns that as authentication shifts to smartphones and personal devices, these will become prime targets for cybercriminals. “People will need to safeguard their devices more than ever,” he said, stressing that human vigilance will remain essential in the evolving landscape of online security.