Passwordless future is already here
Hi frens,
Have you heard about the “passwordless future”?
It’s a “future” envisioned and endorsed by big companies (web2, if you will), where people don’t need to create a password to register with a web service.
So what’s the deal with that? People may use tens of web services, but people don’t remember tens of different passwords. Worst of all, some web services impose useless password rules.
If you’re using a single password for every web service, you’re likely screwed. If any of those web services stores your password without “hashing” it (I’ll talk about it later) and gets hacked, your accounts on the other web services are compromised, too.
With the new “passkeys” mechanism, the system automatically creates a new passkey for every web service. Only the public key (safe to reveal) is transferred to the web service, while the private key remains on the device. No password is transmitted over the internet or stored on web services. Sounds great, right?
The problem is that, years later, very few web services support passkeys. Probably because migrating the backend service may require lots of work.
And for web service operators, what are the benefits of implementing it? Most web services have implemented “password hashing”, which means the web service can verify the password without storing the original plaintext form. So even if the service got hacked, the hacker would never get the users’ passwords.
So the benefits are actually on the user side. But with a password manager, that’s almost taken care of. So I would predict that web2 services will make little progress toward the “passwordless future”.
Now on to web3 services. Users log in with a crypto wallet. That’s a similar mechanism to passkeys: the private key remains on the device. No password is transmitted over the internet or stored on web services.
The passwordless future is already here. Welcome to the web3 world!
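The mechanism described above for passkeys, and for wallet login, can be sketched as a challenge-response exchange in which the service only ever holds a public key. This is an added example, not code from the original letter or from any passkey or wallet project; the `Device` and `Service` classes, the message layout, the Ed25519 key type and the `example.test` origin are assumptions chosen for illustration.

```javascript
// Added example: simplified passkey-style login, not a WebAuthn implementation.
// Device, Service and the message layout are hypothetical names for illustration.
const crypto = require('node:crypto');

class Device {                       // user's phone/laptop or wallet
  constructor() { this.keys = new Map(); }
  register(origin) {                 // a fresh key pair for every service
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);            // stays on the device
    return publicKey.export({ type: 'spki', format: 'pem' }); // only this is sent
  }
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) throw new Error('no passkey for ' + origin);
    // The origin is part of the signed message (challenge is a fixed 32 bytes).
    return crypto.sign(null, Buffer.concat([Buffer.from(origin), challenge]), key);
  }
}

class Service {                      // stores public keys only, nothing secret
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map();
    this.pending = new Map();
  }
  enroll(user, pem) { this.publicKeys.set(user, pem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verifyLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user);       // single use: a captured signature cannot be replayed
    if (!challenge || !pem) return false;
    const message = Buffer.concat([Buffer.from(this.origin), challenge]);
    return crypto.verify(null, message, crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  const device = new Device();
  const site = new Service('https://example.test');   // constructed origin
  site.enroll('alice', device.register(site.origin));
  const signature = device.sign(site.origin, site.newChallenge('alice'));
  const login = site.verifyLogin('alice', signature);
  const replay = site.verifyLogin('alice', signature);
  return { login, replay, stored: site.publicKeys.get('alice') };
}
```

A signature made with the key the device holds for a different origin fails verification at this service, because each service gets its own key pair and the origin is part of the signed message.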
You may ask, why bother using a crypto wallet to log in? I have my password manager and it works fine. There are custodial wallets or centralized crypto exchanges (CEX), which can be used with a simple email or social login.
The critical new benefit of using a crypto wallet is ownership of your digital assets, guaranteed by cryptography. It’s like having your own safe: only the person with your crypto wallet key can open it, and that is you, nobody else.
The world is changing. Traditional banks and CEXs aren’t really safe. Hold your assets and understand what they are.
Lastly, let’s talk about the passwordless future again. As a software engineer, I’m supportive of it. As a regular user, I don’t really care. I don’t change my workflows unless there are new and great benefits to it. I’m a lazy user.
Years ago, I wasn’t keen on crypto assets, either. Then I found that it was me being too conservative. The more I learn about economics, the more I understand why crypto assets matter and are here to stay.
The future is not just about passwordless. The future is about having new assets.
Now that you’ve read my first letter, why not subscribe to it? There’s more to come.
See you next time.
Your friend,
Denken