Tech Giants Push to Replace Passwords — But Users Remain Cautious

Fingerprints, facial recognition, and access keys are steadily challenging the reign of traditional passwords, yet public reluctance continues to slow the shift.

“The password era is ending,” two senior Microsoft executives declared in a July blog post. The company has been developing “more secure” login alternatives for years, and since May has been enabling them by default for new users.

Other major platforms are also tightening access controls. Services such as OpenAI’s ChatGPT now require multi-step authentication, like a numerical code sent to a verified email address, before granting entry to sensitive data.

“Passwords are often weak and people re-use them” across multiple services, noted Benoit Grunemwald, a cybersecurity expert with Eset. He warned that sophisticated hackers can crack an eight-character password in seconds, and that stolen credentials remain a top target in data breaches. “They are improperly stored by the people supposed to protect them and keep them safe,” he added.

The scale of the problem is staggering — in June, Cybernews researchers uncovered a massive database containing some 16 billion login credentials harvested from hacked files.

In response, technology heavyweights are accelerating efforts to replace passwords. The Fast Identity Online Alliance (FIDO), which includes Microsoft, Google, Apple, Amazon, and TikTok, is promoting password-free login methods such as access keys. These allow users to log in via a trusted device like a smartphone, using a PIN or biometric input instead of a password.

Troy Hunt, creator of Have I Been Pwned — a site that lets people check if their credentials have been leaked — says these systems offer a major security upgrade. “With passkeys, you cannot accidentally give your passkey to a phishing site,” he explained, referring to fake websites that trick users into revealing their details.

Still, Hunt is cautious about predictions that passwords will vanish. “Ten years ago we had the same question… the reality is that we have more passwords now than we ever did before,” he said. Many platforms continue to rely on the familiar username-and-password model, and users often resist switching to new systems.

Passkeys also come with their own challenges. They must be set up on a device before use, and recovering them after losing a trusted phone or forgetting a PIN can be more complicated than a traditional password reset. “The thing that passwords have going for them, and the reason that we still have them, is that everybody knows how to use them,” Hunt said.

For Grunemwald, the shift in security will ultimately depend on how well people protect their devices. “People will have to take good care of security on their smartphones and devices, because they’ll be the things most targeted” in the future, he warned.