Password Managers' Limitations: Understand the challenges and why developers are turning to passkeys for enhanced security.
Robert
Created: December 22, 2022
Updated: September 3, 2024
One of the most common struggles people face in the digital age is managing their passwords. With the endless number of websites and online accounts that each require a unique login, it becomes increasingly difficult to remember all the different passwords. One solution that has emerged to keep track of passwords in the online world is the password manager.
Password managers, such as Dashlane, LastPass, and 1Password, are tools that help people create and manage unique passwords for their online accounts. These software products and services offer a single, encrypted location where you can store all your login credentials. Having a digital vault remember your passwords may seem like a blessing, but there are multiple problems with password managers. Here are some of the major ones:
One major problem with password managers is that they require users to install the software on every device they use, add their credentials to the password manager, and ensure that everything is properly synced. This can be a cumbersome task for many people, leading to low user adoption rates of around 20%. This low adoption rate is a problem for companies that rely on password managers for authentication, as it means that many of their users are still using weak, easily guessable passwords or reusing the same password across multiple accounts.
Additionally, password managers are often targeted by hackers. The recent security incident at LastPass is just one example of this. While password managers do offer some protection against password-based attacks, they are still vulnerable to other types of attacks, such as phishing or malware. If a password manager's database is compromised, all the user's passwords are at risk of being exposed.
The business model of password managers relies on people continuing to use passwords as the primary method of authentication for their online accounts. However, as online security continues to improve, the way we log in to websites and online accounts is also evolving. More and more websites and services are moving towards passwordless authentication methods, which eliminate the need for passwords. These methods use biometric data or other unique characteristics to verify a user's identity, such as one-time codes sent via text or email. As these technologies become more widespread, it's likely that we'll see even more websites and services adopting passwordless authentication in the future.
Passkeys, as the new authentication standard, offer comprehensive solutions to the above-mentioned problems of password managers. Using biometric login such as Face ID, Touch ID and Windows Hello, they create a simple and convenient solution that will boost adoption and never require a password again. Also, passkeys are the most secure authentication method since they rely on public-key cryptography, where a private key is stored on the user's passkey device and a public key is stored on a dedicated server. Because the private key never leaves the passkey device, it is highly secure and resistant to any cybercriminal. Lastly, passkeys are already prepared for a passwordless future as they rely on a technology that works completely without passwords, while also creating a promising business model.
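The key split described above can be shown in a few lines. This is an added example, not Corbado's code and not the full WebAuthn protocol: it is a simplified challenge-response in Node.js, and the function names and the `shop.example` origins are constructed for illustration. It goes slightly beyond the paragraph by also binding the signature to the site's origin, which is how passkeys resist phishing.

```javascript
// Added illustration: simplified passkey-style login (assumed names, not WebAuthn itself).
const crypto = require('node:crypto');

// Registration: the key pair is generated on the user's device.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    device: { privateKey }, // never leaves the device
    // This record is everything the server stores for the credential.
    serverRecord: { publicKey: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}

// Server: a fresh random challenge for every login attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device: sign the challenge together with the origin the browser is actually on.
function signAssertion(device, challenge, origin) {
  const data = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign('sha256', data, device.privateKey);
}

// Server: verify with the stored public key against its own origin and challenge.
function verifyAssertion(serverRecord, challenge, expectedOrigin, signature) {
  const data = Buffer.concat([challenge, Buffer.from(expectedOrigin, 'utf8')]);
  return crypto.verify('sha256', data, serverRecord.publicKey, signature);
}

// Walk through a valid login and the cases the server must reject.
function demo() {
  const { device, serverRecord } = registerPasskey();
  const origin = 'https://shop.example'; // constructed sample origin
  const challenge = newChallenge();
  const signature = signAssertion(device, challenge, origin);
  const lookalike = signAssertion(device, challenge, 'https://shop-login.example');
  return {
    validLogin: verifyAssertion(serverRecord, challenge, origin, signature),
    replayedOnNewChallenge: verifyAssertion(serverRecord, newChallenge(), origin, signature),
    signedOnLookalikeSite: verifyAssertion(serverRecord, challenge, origin, lookalike),
    // A dump of the server record contains no secret that could sign a login.
    serverHoldsPrivateKey: serverRecord.publicKey.includes('PRIVATE KEY'),
  };
}

console.log(demo());
```

Only `validLogin` is true: a captured signature fails against a new challenge, a signature produced on a lookalike origin fails on the real site, and the server-side record holds nothing an attacker could use to sign.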
The recent acquisition of Passage by 1Password shows that password managers are about to strengthen their passwordless capabilities in the passkeys area. Still, it is important to note that they require customers to install their software. This means that users must take the time to download and set up the password manager on all of their devices, and they must also remember a master password.
Instead of placing the burden of going passwordless on users and requiring them to install additional software, SaaS and e-commerce companies should take responsibility for implementing passwordless authentication. By offering passkeys as a central authentication method, companies can simplify the login process for their users and increase security by eliminating the need for passwords.
At Corbado, we are working on passwordless and passkey-centered authentication solutions that prioritize user experience. Our solution is designed to be easy to integrate and convenient for the user, while also providing strong security against cyber threats.