ProtonBlog
Subscribe by RSS
passwordless future

Is the future passwordless?

Son Nguyen

Share this page

With the advent of passkeys, plenty of people are predicting the end of passwords. Is the future passwordless, though? Or is there room for both types of authentication to exist side-by-side? 

At Proton, we are optimistic about passkeys and have introduced support for passkeys in our password manager. However, we are not ready to predict a future without passwords, and we believe there’s room for both technologies to coexist.

In this article, we go over these questions and tell you how Proton sees its place in this evolution.

What is passwordless authentication?

Passwordless authentication is a method to log in to your online account or app without using a password. There are a few ways to do this — like using a hardware key, or biometrics like a retina or fingerprint scan — but the easiest and most viable way for most people is to use passkeys.

The tech gets a little tricky, but the way passkeys work is that when you set one up with a service, a key is created. The service holds one part of it, and you hold the other. To gain access, you need to combine the two. This process of creating and combining the keys happens in the background, without you needing to do anything beyond giving permission to use the passkey.

When they’re properly implemented by the service, passkeys are great. They’re secure, easy to use, and it’s tempting to think they will replace passwords and passphrases. Much the same goes for fingerprint scans and hardware keys. They do away with a lot of the hassle associated with authentication. However, dig a little deeper and you’ll see there’s still a case to be made for doing things the old-fashioned way.

Issues with passwordless login

Most forms of passwordless authentication have some kind of issue stopping them from being a one-size-fits-all solution in the same way that passwords are. A good example is biometric login, which works great most of the time, but fails the moment your scanner breaks. This is one reason why you always set up a password or PIN before you scan a fingerprint; the more reliable tech acts as backup.

Much the same goes for hardware keys: They work extremely well, but the moment you lose the key, you may be permanently locked out of your accounts unless you have a recovery password in place. As a result, hardware keys are mostly used for two-factor authentication, when you need a second method on top of a password to prove your identity.

Passkey problems

Passkeys also have some issues that prevent them from becoming the default. Here is a breakdown.

Not supported on most websites and apps

First off, as a relatively new technology, passkeys aren’t supported by all sites and apps. While implementation is accelerating, passkey fans right now will often come away disappointed when trying to use passkey authentication. This situation will change, but we predict it will take years, mainly due to the tech being tough to implement.

Some issues with browsers

While most major browsers (Google Chrome, Mozilla Firefox, Microsoft Edge) support passkeys, many smaller players don’t as yet, or only in a limited fashion. If you use Opera, Brave, or something even more exotic, passkeys aren’t a great option for you.

Cross-platform support issues

There are also issues when using passkeys between platforms. For example, if you use a passkey created on an Apple device, you have to jump through some hoops to make it work with your Google account, locking you out until you use your password to authenticate. 

Only works on the latest operating systems

Since passkeys are new, that also means any tech you use them on needs to be new. For example, only iPhones running iOS 17 and Android 14 devices support passkeys, and even then there are issues. If you’re using older hardware and software, passkeys simply will not work.

Why Proton isn’t abandoning passwords

As a result, as much as we like passkeys for their speed and convenience, here at Proton we don’t believe that passwordless is the only future. Instead, passwords and passkeys will coexist, with some accounts accessible with a passkey and others using a combination of passwords and 2FA.

Because of this, we’ve developed our password manager, Proton Pass, to support passkeys alongside passwords, not instead of them. This isn’t just out of pragmatism, either: As a company that puts our community first, we give you the freedom to choose how best to secure your data for your accounts.

As a company that makes its money purely from subscriptions — no shareholders, no venture capital — we must prioritize your interests. We do this by making sure not only that you’re secure, but that you can choose how that looks for you. If you like the speed and convenience of passkeys, you may use them across all platforms that support it. If you prefer having 2FA for all your accounts, you can do that, too.

If you want to try a password manager that’s not just on the cutting edge but also lets you decide how close you get to the blade, Proton Pass has a free plan that lets you use almost all its features without spending a penny. What better way to get to know the not-quite passwordless future?

Protect your passwords
Create a free account

Related articles

What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
Is WeTransfer safe?
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr