I still do not know how they can say passwords will be eliminated. I'm guessing then that a biometric will be the requirement eventually to eliminate all passwords?
While the idea of eliminating passwords might sound like removing them entirely, in reality, passwords are still present - they’re just stored securely inside a hardware security chip and never leave the device (should be...). This is achieved through asymmetric cryptography, where a private key is stored securely in the chip and a corresponding public key is shared with the service. The private key is used to sign or decrypt data, while the public key is used only to verify signatures or encrypt data for the key holder.
This architecture improves usability and security from the user’s perspective, but it's important to acknowledge some limitations:
1) Asymmetric cryptography is generally more vulnerable per bit of key length than symmetric algorithms like AES-256. So, while strong, it’s not inherently stronger than traditional password-based symmetric encryption.
2) The protection mechanisms of hardware keys are usually implemented in closed-source chips using proprietary firmware. This creates a trust issue: users have very limited visibility or control over how the private key is protected. There is legitimate concern that such chips may include backdoors for government access, which could potentially be abused by state actors or cybercriminals.
As for biometrics, while often marketed as a secure alternative, they come with significant drawbacks. Biometrics are not secrets - they can be very easily copied, faked, or leaked, and once compromised, they cannot be changed like a password. From a privacy standpoint, the push for biometric authentication appears to serve not just security, but also mass surveillance and data collection, often by organizations with fascist ideology and bad intentions.
Given the relative ease with which data can now be extracted from supposedly secure chips, I would be cautious about placing too much trust in hardware security keys. They may be suitable for everyday use cases where the risk of compromise is acceptable, but I wouldn't rely on them for scenarios requiring high-assurance security.
As for biometrics, I would strongly advise against their use. Biometrics do not offer true secrecy - instead, they expose personal identifiers that, once compromised, cannot be changed. This makes them particularly valuable to malicious actors, who may exploit them for criminal activities or as part of broader efforts to enable surveillance and support authoritarian control structures.
Just keep in mind that if you choose to use biometrics, it’s relatively easy for attackers to steal and reuse that data to impersonate you. More importantly, unlike passwords, you cannot replace your fingerprints, iris patterns, or other biometric traits once they’ve been compromised. As a result, a hacker who obtains your biometric data could potentially exploit it for the rest of your life.
Moreover, if someone gains access to your biometric data - for example, your fingerprints - they could deliberately plant them at a crime scene or use them during the commission of a criminal act. In such a case, it may be extremely difficult for you to prove your innocence, especially if the biometric data was previously used casually, such as to unlock a phone or access a service without proper legal or forensic safeguards. Biometric misuse can thus lead not only to identity theft, but also to false attribution of criminal activity, with potentially serious legal consequences.
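The key-pair login described in the reply above (the private key stays in the authenticator, the service holds only the public key and verifies a signature), as an added example that is not part of the original posts. It is a simplified challenge-response using Ed25519 from the Go standard library, not the real WebAuthn/FIDO2 message format. The `Authenticator` and `Service` types, the origin string and the origin-binding step are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Authenticator stands in for the hardware chip: priv is never exported.
type Authenticator struct{ priv ed25519.PrivateKey }

// Register creates a key pair and hands only the public half to the service.
func (a *Authenticator) Register() (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	a.priv = priv
	return pub, err
}

// Sign covers the origin and the challenge, so a signature made for one
// site or one login attempt is useless for another.
func (a *Authenticator) Sign(origin string, challenge []byte) []byte {
	return ed25519.Sign(a.priv, append([]byte(origin+"\x00"), challenge...))
}

// Service keeps the public key and one outstanding challenge; a database
// leak therefore exposes nothing that lets an attacker log in.
type Service struct {
	origin  string
	pub     ed25519.PublicKey
	pending []byte
}

// NewChallenge issues a fresh random nonce for one login attempt.
func (s *Service) NewChallenge() ([]byte, error) {
	s.pending = make([]byte, 32)
	_, err := rand.Read(s.pending)
	return s.pending, err
}

// Verify checks the signature against the pending challenge, then discards
// the challenge so a captured response cannot be replayed.
func (s *Service) Verify(sig []byte) bool {
	if s.pending == nil {
		return false
	}
	msg := append([]byte(s.origin+"\x00"), s.pending...)
	s.pending = nil
	return ed25519.Verify(s.pub, msg, sig)
}

func main() {
	a, s := &Authenticator{}, &Service{origin: "https://example.test"}
	s.pub, _ = a.Register()
	c, _ := s.NewChallenge()
	fmt.Println("login accepted:", s.Verify(a.Sign(s.origin, c)))
}
```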