Dive Brief:
- Google rolled out a feature Wednesday that allows account holders to create passkeys, part of a wider move to phase out passwords across the industry.
- Passkeys are stored on local computers or mobile devices, reducing the risk of credentials being hacked through a phishing attack. Passkeys allow users to sign into apps and sites the same way as they would access their devices, such as a face scan or fingerprint.
- Dashlane separately announced a feature called passwordless login Wednesday, which means users of the password manager will no longer need to create a master password to access the service.
Dive Insight:
The changes from Google and Dashlane reflect a wider effort across the technology industry to end the use of passwords as an authentication method.
Over the past year the industry has endured a wave of data breaches and ransomware attacks that began with phishing attacks against company employees or third-party vendors.
Once those credentials were compromised, malicious actors can gain access to sensitive data, including customer information, corporate secrets and in some cases company source code.
“Getting rid of instances where we have to input a password is the goal,” Donald Hasson, chief product officer at Dashlane, said via email. “More than 80% of breaches and hacks are due to stolen credentials.”
Dashlane officials say eliminating the master password will help lead to more phishing-resistant account creation. The company cites estimates from Gartner showing 20% to 50% of all help desk calls are related to resetting passwords.
