Enterprise Connect Passwordless
Passwordless Authentication for the Workforce.
Eliminate Passwords. Eliminate Password-Based Attacks.
Password-based attacks have become a significant cause of data breaches. Passwords are no longer the most effective method of authenticating users. They are easy to guess and cheap to acquire. And people make mistakes, including inadvertently exposing their passwords. Organizations need to eliminate user interactions with passwords by providing a passwordless experience across all enterprise resources, including web and mobile-based applications, workstations, servers, and other legacy infrastructure.
Enterprise Connect Passwordless offers passwordless authentication methods, no-code orchestration journeys, and application integrations — all required to implement a successful passwordless program.
I'm Jeff.
This is Ben, and today we're gonna be talking about password lists.
Ben, I'm gonna go ahead and take a shot at the definition of password list.
It's a login that does not require or have anything like a password associated with it.
You nailed it.
Awesome.
Well, thank you for joining us, and, uh, is there more?
Yes, there are actually.
It is so password lists, Um, why is it a thing?
I mean, what's going on?
Well, let's start off by talking about passwords, because you can't talk about password Lists without talking about passwords, right?
And passwords are the worst of all worlds.
They are a bad user experience and the majority of hacks.
The majority of security concerns come through the password.
Password channel, whether that be because someone reuses passwords and one of the places where they use the password gets hacked or whether they're easily guessed, Or just if it's a horrible user experience, there is nothing good about password and I have Yet to meet a person who says they like to log in with a username and password.
Yeah, it's perhaps the most universally believed thing in this industry.
That passwords just everywhere they exist, they should be gotten rid of.
Absolutely right.
So why, if that's the case, Then I guess somebody, you know, who's watching this video is gonna say, OK, well then, what are you guys doing about it?
What are vendors in this space doing about it?
Getting rid of passwords?
Yeah, so if passwords are horrible, Why are they still here?
Well, the reality is we haven't had something to replace them with.
And so we needed fundamentally something to Replace them with, and there's been a march That's occurred over the last couple of years.
First of all, most of us have in our pockets these devices that have biometrics on them.
They can authenticate my face.
They can authenticate my finger.
Um, they are something that I have, and they can identify who I am, Right?
And that's password.
That is passwordless.
And so, first of all, we made people comfortable with using these devices to log in because they do it 10-20, 50 times a day to go access their device.
Now if we can leverage that capability to log into other APPs and services, All of a sudden we really can achieve a passwordless world.
How would somebody go about implementing passwordless?
Well, the technology exists today.
And so we often talk about a passwordless Future, but the tech is here.
And so the question is, If the tech is here, why aren't people using it?
There's a variety of different reasons for that.
And, here's how I would recommend people Approach it.
First of all, you have to have the right Identity Platform.
You have to have an Identity Platform that Supports the standards like WebAuth and FIDO that enable password lists.
That's step one.
Step 2 is you have to really understand the end User workflow, understand what could go wrong, and make sure that you have a platform that has Orchestration in order to be able to adjust to those things that could go wrong, Because you're never going to only have the happy path.
Sometimes things are going to go askew, and you need to have the flexibility and power in your Identity Platform to handle it.
So the key thing is, this isn't exclusively a technology problem, But if you have the right platform that has the right technology in it, All those other problems become much more attainable or much more preventable.
Seems like it’s doable, but let’s get into the mechanics of how it’s done exactly.
How is passwordless attained?
Yeah, so fundamentally, you do want to remove the password.
So you don't just want passwordless experience, but you really want the password to Be gone.
And so, in addition to replacing it with Something like your face or your finger, you also need to have a way of presenting that to An application.
And the way we do that is by using what's called a token.
It's basically a cryptographic key that I Present to an application instead of my password.
And so now when I go on my phone and I unlock it with my face, I'm actually unlocking a Key that can then be handed to an Application to use to sign me in, Right?
And you're actually talking about a token.
That's in the logical world, not like an MFA token, right?
So let's talk about the difference between.
Password lists, MFA, and what technologies are out there today that can truly be called password lists.
Sure, so when we talk about MFA, We're talking about multi-factor authentication.
And so let's talk about the three core factors.
The first factor is something you know, and that has traditionally been a password or a PIN.
The second one is something you have, that's a physical token.
Like a UI key or a USB key, or if you recall the SecureID keys, It could also be your phone itself because you have to have your phone on you in some cases to Authenticate.
And finally, there's something you are, That's the things about you, the things like your face or your iris or your voice or your Fingerprint.
And so when you combine any two of those factors, it's 2FA.
When you combine multiple of them, it's MFA.
Now MFA doesn't necessarily mean password list because one of those factors could be a Password a password.
So password list means that that.
Something I know is no longer an option, and I'm using a combination of the other factors in Order to authenticate the user.
And so the key thing is passwordless doesn't mean no authentication.
What it means is it's an authentication without a password and often as a result, More secure, better user experience, absolutely.
And I was gonna ask you about the benefits there, but let's do this.
Why don't you paint a picture.
Of a passwordless world, the kind that many of our customers are experiencing or going down The road of.
Yeah, so in a passwordless world, We have the capability of authenticating to APPs by looking at our phones.
And so you may see this done in-band or out of band.
So you may start on your desktop and go to log in, and then your phone buzzes, and you look at Your phone and then boom, you're in or.
You may be on your phone itself and your Authentication that was done with a username and password is now replaced with just a simple Glance at your phone.
Yeah, exciting world there and it's one that Uses a combination of technologies that we've talked about single sign-on and federation, and Uh, you know, different risk-based AI machine learning.
There's a lot of stuff that can go in there, but it is just within our reach and we have Many customers that are doing it today.
So a passwordless future.
I look forward to being a part of that.
Absolutely, you bet.
Thanks for joining us today, Ben.
This has been intro to Identity Passwordless.
According to a Gartner report® "By 2025, more than 50% of the workforce and more than 20% of customer authentication transactions will be passwordless, up from less than 10% today."
— Gartner
"Take 3 Steps Toward Passwordless Authentication"
Refreshed 22 February 2023, Ant Allan, Published 19 October 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Key Benefits
Strengthen Security
Enterprise Connect Passwordless removes the exchange of passwords between users and enterprise applications and infrastructure (legacy applications, servers, workstations, VPNs, etc). Removing passwords reduces the risk of password-based attacks (phishing, credential stuffing, brute-force attacks). In addition, your organization can strengthen security with password encryption and rotation for legacy systems.
Deliver Great User Experiences
Enhance the user login experience for employees and contractors by removing unnecessary friction with a seamless authentication and login experience.
Because Enterprise Connect Passwordless eliminates the cumbersome login process for enterprise applications and infrastructure, users gain a better experience with fast, secure, and flexible access to resources.
Lower Costs
Enterprise Connect Passwordless allows you to remove user interactions with passwords for enterprise applications and infrastructure. By eliminating employee account lockouts, escalated login failures, and password-related trouble tickets, you can lower operational costs from help desk interactions. You can also cut costs by eliminating the need to rewrite legacy enterprise applications to implement passwordless authentication.
Features
Passwordless Authentication Methods
Secure multi-device usage, browsers, platforms, and applications with an expansive set of passwordless authentication methods, such as FIDO2 WebAuthn, passkeys, OATH, push, one-time passcode (OTP), biometrics, and more.
Workstation Login
Secure Windows and Mac workstation access using the ForgeRock Authenticator App, which provides push or OTP notifications.
No-Code Authentication Orchestration
ForgeRock's orchestration engine provides drag-and-drop configuration, making it easy for your teams to add security signal analysis, integrate third-party capabilities, and create simplified user registration, lost device, and help desk flows.
Passwordless Workforce Integrations
Provide a password-free login experience to legacy applications, VPNs, databases, mainframes, REST, LDAP, and Unix/Linux servers. Ensure secure access to Remote Desktop (virtual and Windows) with strong passwordless authentication.
What State of Passwordless Are You In?
Ping Identity offers many passwordless authentication options.
It's time to move from authentication that relies on traditional usernames and passwords to processes that introduce passwordless.
First, you can easily include a passwordless method as a second factor (passwordless factor). Second, you can deliver a passwordless service experience in which users never have to interact with their passwords (passwordless experience). Finally, you can leverage a passwordless implementation where passwords are fully eliminated (complete passwordless).
Move to passwordless at your own pace without it being an "all-or-nothing" experience.
How To Achieve Your Passwordless Goals
Enterprise Connect Passwordless provides passwordless authentication methods, no-code orchestration, and simplified application integrations — all of which are required to deliver a successful passwordless program.
Learn how to end the use of passwords — and their incessant risks.
Authentication Methods
Embrace passwordless authentication with an expansive set of methods, such as FIDO2 WebAuthn, passkeys, OATH, push, OTPs, biometrics, and many more. They provide faster and broader enablement of passwordless across mobile authenticators, smart cards, biometric devices, digital certificates, browsers, and applications.
Access Orchestration
Configure and deploy drag-and-drop passwordless authentication workflows, including security signal analysis and third-party integrations, based on the unique security and user experience needs of your business. ForgeRock orchestration capabilities allow you to easily create no-code, out-of-the-box passwordless user authentication journeys to help you improve employees' and contractors' login experiences.
Application Integrations
ForgeRock Enterprise Connect Passwordless provides simple and secure passwordless enablement for enterprise web and mobile applications and infrastructure. Enable passwordless with your legacy applications, Windows and Mac workstations and servers, RADIUS-based authentication, Remote Desktop (virtual and Windows), desktop SSO, VPNs, databases, mainframes, LDAP, REST, Unix/Linux servers, and more.
Related Resources
Start Today
Contact Sales
See how Ping can help you deliver secure employee, partner, and customer experiences in a rapidly evolving digital world.