If you use a password manager, you’re familiar with the feeling you get when you look for a login but can’t find it. It’s probably because you signed in with your Google, Apple, Twitter, or Facebook ID, and your password manager knows nothing about it. Now, 1Password will remember how you signed up for a new service, keeping all your login information in one place. But between this and the passwordless future promised by passkeys, password manager apps could be on the path to irrelevance. “Password managers will start to become increasingly irrelevant as more companies switch over to passkeys and other, more secure sign-in options,” Emma McGowan, writer at Avast, told Lifewire via email. “It will be similar to what has happened with antivirus companies. As the threats have changed and evolved, we’ve all had to move away from simply offering antivirus to protecting customers from a range of phishing attacks, identity theft, breaches, and other attacks.”
Should You Even Use ‘Sign In With’?
Passwords are a pain and rely too much on the user. It seems nuts that the non-technical user has to create a secure password, store it safely, and not reveal it to bad actors. One common alternative is the sign-in-with option, where you offload the responsibility to a service you’re already signed in to. This could be an operating system vendor like Google or Apple or a social network like Facebook or Twitter. It’s certainly more convenient to use, but it also requires putting a lot of trust in the provider. “My high level opinion is that ‘sign in with’ options are a good idea, but developers need to strongly trust the companies they are deferring to,” Andrew Israel, founder of business authentication company PropelAuth, told Lifewire via email. “I also don’t believe passwords will ever truly go away, but the nature of password managers will need to change.” It’s also tricky to extricate yourself if you decide, for example, you no longer want to use Twitter. “The ‘sign-in-with’ options are generally a good idea, but they have their pros and cons. With a password, you’re at risk of someone discovering your password. If you’re using a ‘sign-in-with’ option, you’re trusting Twitter, Google, or Apple to communicate with the other website to prove your identity,” Andrew Liu, a software engineer who worked on Google account login and 2-factor authentication, told Lifewire via email. Not only that, but you’re also putting a lot of trust into a company whose primary business is something other than password and security management, which means it’s a much lower priority than at a dedicated password-manager company. “If one of those companies is hacked—like your Twitter account—then every site or service that you logged into using your Twitter account is also vulnerable to attack,” says McGowan.
Will Passwords Ever Go Away?
Along with sign-in-with options, passwords are also threatened by passkeys, a better and much more secure option that provides a means of authenticating without any password at all. Instead, you authenticate yourself using one of your devices—via fingerprint or face scan, for example—and the phone or tablet takes care of the rest. The password managers are already on this. 1Password, for example, will allow you to work with passkeys alongside all your existing options. And those options will be around for a while. “Even if all new websites use passkey or some newer form of authentication, there will be countless legacy websites that depend on passwords. Additionally, there are other situations, such as signing into your computer or phone, where passwords still make the most sense,” says Liu. So, it looks like passwords aren’t going anywhere, but at least the password manager apps seem to be changing to embrace newer, better options. One less thing you have to worry about.