Going Passwordless Means Losing Privacy

For the past 40 years, passwords have been our digital masks.

When I log into a website, all they ask for is my password. Not my fingerprint, not my face, not verification that I am physically who I claim to be. Just a string of characters that I happen to know. In that moment, I am not “Hanif Bin Ariffin the person” – I am simply someone who knows the secret “hunter2”.

This abstraction has been quietly protecting our privacy in ways we’re only now beginning to lose.

The Beautiful Anonymity of Knowledge

Think about what a password actually represents. It’s pure information – a piece of knowledge floating free from any physical form. Anyone who knows “correcthorsebatterystaple” can become me, at least as far as the computer is concerned.

This creates a strange kind of digital anonymity. My password doesn’t care about my biometrics, my location, my device, or any other identifying characteristics. It’s completely divorced from my physical identity. When I type my password into a website, I’m not proving I’m me – I’m proving I know a secret.

The difference is profound.

With passwords, I could theoretically share my account with someone else by simply giving them the password. Or I could access my account from any device, anywhere in the world, without the service knowing or caring about the physical details of who I am. The authentication was about knowledge, not identity.

The Shift to “Prove You Are You”

But passwords, we’re told, are insecure. People reuse them, databases get breached, they can be guessed or phished. So we’re moving to “passwordless” authentication.

On the surface, this sounds great. No more forgotten passwords, no more credential stuffing attacks. Instead, we get biometric authentication, hardware security keys, and device-based verification.

But here’s what we’re actually trading: we’re moving from knowledge-based authentication to identity-based authentication.

When I authenticate with my fingerprint, I’m not proving I know something – I’m proving I am someone. When I use Face ID, the system isn’t verifying that I possess some abstract piece of information; it’s verifying that the physical person sitting in front of the camera matches biometric data tied to my account.

Suddenly, my digital identity is inseparably linked to my physical body.

What We Lose in Translation

This shift fundamentally changes the nature of digital identity and privacy.

With passwords, there was always plausible deniability. If my account did something, sure, it was probably me – but maybe someone else knew my password. Maybe I was hacked. Maybe I shared my credentials. The link between digital action and physical person was probabilistic, not absolute.

With biometric authentication, that plausible deniability evaporates. If my face unlocked my phone and my phone accessed a service, it becomes much harder to argue that someone else was responsible.

More subtly, passwordless systems often require device registration and verification. My account becomes tied not just to my biometrics, but to specific hardware, specific locations, specific patterns of behavior. The service starts building a comprehensive profile of not just what I do online, but who I am as a physical being.

The Tracking Infrastructure

Consider what passwordless authentication actually requires:

Each of these requirements builds a more detailed, more permanent, more invasive profile of who I am as a person. The authentication system becomes an identity verification system, and identity verification requires comprehensive data collection.

The Convenience Trap

Don’t get me wrong – passwordless authentication is incredibly convenient. Face ID is faster than typing a password. Hardware keys are more secure than most people’s password habits. The user experience is undeniably better.

But convenience often comes at the cost of privacy, and this trade-off is rarely made explicit.

When Apple introduced Face ID, they marketed it as more secure and more convenient than passwords. They didn’t mention that it fundamentally changes the relationship between your digital accounts and your physical identity. They didn’t explain that law enforcement can compel you to unlock your device with your face, but they can’t (usually) compel you to reveal a password stored in your mind.

A World Without Digital Masks

I’m not arguing that we should stick with passwords forever. They genuinely have serious security problems, and those problems affect real people in real ways.

But I am arguing that we should be honest about what we’re giving up.

For decades, passwords gave us a form of digital pseudonymity that we didn’t even realize we had. They allowed our online identities to float free from our physical selves, creating space for privacy, experimentation, and mistake-making.

As we rush toward a passwordless future, we’re inadvertently rushing toward a world where every digital action is more directly, more permanently tied to our physical identity.

Maybe that’s a trade-off we’re willing to make. Maybe the security benefits outweigh the privacy costs. But let’s at least acknowledge what we’re trading away.

We’re giving up our digital masks. And once they’re gone, we can’t put them back on.

The Questions That Remain

Is there a way to have both security and privacy? Can we build authentication systems that are secure without being invasive?

Maybe. Zero-knowledge proofs and other cryptographic techniques offer some hope. But the trend toward tying digital identity to physical identity seems irreversible.

In 20 years, will anyone remember what it was like to be anonymous online? Will the idea of separating your digital identity from your physical self seem as quaint as using a payphone?

I don’t know. But I think it’s worth thinking about while we still can.