Javascript is actually
a good thing!
Make sure it's turned on
so that pingidentity.com can work properly.
How Identity Orchestration Accelerates Your Passwordless Vision | Ping Identity
Back to blog homepage icon Ping Identity Blog

How Identity Orchestration Accelerates Your Passwordless Vision

  • Why Passwordless Is the Answer
  • Secure Alternatives to Passwords
  • Why Passwordless Adoption Is Slow
  • Using Identity Orchestration to Achieve Your Passwordless Goals
  • Orchestrate the Right Passwordless Flow
  • The PingOne Cloud Platform Advantage
    • Back to top
    Back to blog homepage icon Ping Identity Blog

    How Identity Orchestration Accelerates Your Passwordless Vision

  • Why Passwordless Is the Answer
  • Secure Alternatives to Passwords
  • Why Passwordless Adoption Is Slow
  • Using Identity Orchestration to Achieve Your Passwordless Goals
  • Orchestrate the Right Passwordless Flow
  • The PingOne Cloud Platform Advantage
    • Back to top

    How Identity Orchestration Accelerates Your Passwordless Vision

    Nov 14, 2022
    -minute read
    Samuel Brown

    Why Passwordless Is the Answer

    Passwords have been around since the dawn of the digital age and today are a part of our daily routines. Surveys have shown that the average person has 100+ passwords, and it’s only logical that the number will increase as more applications and services emerge. But who really wants more passwords?

     

    Passwords are a great source of frustration for users. The rules behind them continue to get more complex and cumbersome. That in turn leads to more password resets, which require extra steps. In fact, a study of US consumers showed that on average, a consumer abandons 16 online purchases a year due to password frustration.

     

    Passwords are probably adding friction to your sales process and affecting your business from capturing revenue.

     

    The reason passwords exist is, of course, security. However, the truth behind the effectiveness of passwords is much different. As we have seen time and time again in various high-profile breaches, passwords offer little resistance to malicious actors. Passwords are the most popular and frequent target for hackers looking to steal data or gain remote access.

    Secure Alternatives to Passwords

    The term “passwordless” conveniently summarizes all the password alternatives out there. The ultimate goal is more convenience and security, but each implementation usually favors one side over the other. Striking a balance between security and convenience is difficult and must be tailored to the unique requirements of your user base. Not doing it right can ultimately lead to weak adoption, lost revenue, or, even worse, a security breach.

     

    In terms of security, “Is this user who they say they are?” is the ultimate question behind any form of authentication. Since passwords rely on knowledge-based questions, which can easily be guessed, they are a weak form of authentication. Password alternatives like biometrics, a physical token, or one-time passcodes are better options because they involve additional factors – either something physical that the user has in their possession or a human trait that represents something the user is or does – each of which are much harder for a hacker to mimic. While these forms have security flaws, they are harder to bypass than regular passwords alone.

     

    Regarding convenience, the main question is, “How can I make logging in as quick and easy as possible for my users?” We often refer to this as frictionless authentication. The ultimate goal is for all authentication processes to move to the background, where all the user has to do is access the digital services they want to without any interruptions or friction.

    Why Passwordless Adoption Is Slow

    The problems around passwordless are not new. Organizations have been aware of security and user experience issues for a while. Previously, the technology was an issue, but recent advancements have made passwordless more accessible and easier to implement. So if the benefits are clear, why aren’t organizations rushing to roll out passwordless solutions?

     

    Here are a few reasons:

     

    Fear of Change

    Passwords are almost as old as computers. Simply put, organizations and, in particular, security and identity departments are afraid to change the status quo. There is an immeasurable mental hurdle that they must overcome.

     

    Integration

    The impact of integrating a passwordless solution stretches far and wide. Quite often, application teams are not ready for such changes. That’s because the transition can require a lot of changes to custom code. This means additional development resources, time, and money–all of which are in short supply.

     

    Testing & Migration

    While passwordless can have a tremendously positive effect on user experience, organizations are also wary about losing customers while they work out the kinks. No one wants to implement a ‘big bang’ approach where they roll out passwordless all at once and suffer from errors. Organizations need an easier way to test, optimize, and roll out solutions.

     

    Flexibility

    A successful passwordless solution needs to account for many different user scenarios. It must be compatible with several different browsers, devices, applications, etc. You need to be able to make changes and support these different scenarios in quick succession to deliver the seamless omnichannel experience your customers expect.

    Using Identity Orchestration to Achieve Your Passwordless Goals

    Identity orchestration has emerged as a critical capability to help organizations accelerate their passwordless ambitions. Identity orchestration enables organizations to rapidly integrate and create identity workflows across numerous applications and services in a no-code/low-code manner. As identity use cases become more sophisticated and granular, orchestration is essential for organizations looking to manage it all in one place.

     

    Orchestration enables enterprises to successfully implement passwordless authentication by focusing on what matters most–the user experience. Here’s how:

     

    Application Integration

    Application integration is a widespread problem that plagues passwordless efforts and identity in general. Application onboarding is a difficult task in itself, and integrating applications into a broader passwordless ecosystem only makes it more challenging. Orchestration helps solve for both through out-of-the-box “connectors.”

     

    By using connectors, you can easily integrate new applications and logic across a user journey. But you can also change their authentication methods from standard passwords to passwordless. If you want to add a QR code or a one-time passcode, for example, that can be done within the orchestration interface versus diving into the application codebase. That saves a significant amount of developer resources and time.

     

    A/B Testing

    Passwordless is about creating a better, more secure user experience. You need the ability to test the user experience across multiple scenarios and devices. Orchestration provides that capability via A/B testing.

     

    A/B testing enables you to tweak passwordless settings and try it out from a user perspective. This is important because you can make changes in quick succession.

     

    User Segmentation

    Passwords are so ingrained in our mindset and IT infrastructure that most organizations don’t simply want to flip a switch and go passwordless overnight. Instead, a phased approach is recommended. You should aim to work out the kinks of your passwordless implementation with a test group of users before a full-scale rollout.

     

    That’s where the user segmentation capabilities of orchestration are crucial. It enables you to gather feedback, collect data, and test out different hypotheses to finetune your passwordless authentication. This will give you greater confidence in your full-scale deployment.

    Orchestrate the Right Passwordless Flow

    When choosing among the different forms of passwordless, it’s important to consider your users, their devices, the data being accessed, your existing infrastructure, and any regulatory requirements. The different flavors of passwordless have unique pros and cons when it comes to security and experience. A main benefit of orchestration is that it expands the number of passwordless flows you can implement. Let’s look at a few flows.

     

    FIDO

    FIDO (Fast Identity Online) is an open standard of passwordless authentication that is quickly becoming the gold standard, especially for the workforce. FIDO provides the best defense against common password attacks such as phishing and man-in-the-middle. Orchestration enables you to implement and test out FIDO authentication by focusing on the user experience and not on backend development.

     

    A graphic depicting the flow of FIDO in six steps registration begins users select their preferred authentication method users device creates a new key pair the device retains the private key and sends the public key to the online service connection to the online service and registration completeFIDO Sixstep FIDO Flow

     

    Passwordless MFA

    Perhaps the most common form of passwordless utilizes MFA, where something else–a biometric or an authenticator app, for example–replaces the password as a primary factor. Organizations tend to combine passwordless MFA with technologies around risk scoring and device trust. These solutions can often come from multiple third-party vendors, and incorporating them into your identity infrastructure has historically been a time-consuming and complicated process.

     

    Orchestration streamlines the integration across MFA, device trust, and risk scoring so you can focus on what’s most important: the user experience. You’ll have visibility into where and when MFA prompts occur, exactly when device trust checks occur, and how/what risk factors are scored. The benefit is a tailored experience utilizing third parties geared toward your users versus the other way around.

     

    Magic Link

    Another form of passwordless is a magic link, where users receive a one-time link to their email address that authenticates them and provides access. This is an easy and convenient way for users to authenticate, especially in the customer use case. The major impediment to magic link adoption has been the development resources required to make it happen and/or the requirement to add a third-party integration.

     

    Orchestration simplifies the process to get magic link passwordless authentication up and running. You can easily add a magic link connector into your authentication flows without significant coding. If you’re using a third-party integration, that can also be done in a no-code manner.

     

    A graphic depicting emailbased user authentication using magic links The flow is as follows enter email generate and save token create magic link send email click magic link check token and authenticateEmailbased User Authentication Using Magic LinksEmail-based user authentication using magic linksAuthenticateNote: Image adapted from postmarkapp.com.

    The PingOne Cloud Platform Advantage

    Hopefully, we have convinced you of the benefits of leveraging an orchestration platform to roll out passwordless authentication. Orchestration not only takes care of the integration and logic but also provides you with a holistic view into the user experience. At Ping, we have our own orchestration service called DaVinci, and it’s the foundation of the PingOne Cloud Platform. Below are its unique features.

     

    Vendor Agnostic

    With DaVinci, you don’t have to use only capabilities from the PingOne Cloud Platform. Instead, you can use any technology, even capabilities from our competitors. This is in sharp contrast to many other orchestration platforms that limit the scope of integrations to other products in the vendor’s portfolio. At Ping, we believe customers should have a choice.

     

    All Identity Types

    While some orchestration services are focused exclusively on workforce or customer identities, DaVinci can handle them all.

     

    Number of Connectors

    Orchestration capabilities are only as strong as their integrations. In less than a year since going live, DaVinci has 100+ integrations or connectors. That number will only continue to grow as we enable partners and customers to build their own.

     

    If you’re going down the path of passwordless, orchestration is a good place to start. It will give you the flexibility needed to test and scale your solution. And it will future-proof you from making changes down the road. Most importantly, it will allow you to focus on what matters: providing an excellent experience and best-in-class security.

     

    To learn more about DaVinci and its orchestration capabilities, please see our whitepaper.

    Share this Article:
    Related Resources
    What Is Strong Authentication? Processes & Best Practices
    Adam Preis
    Oct 28, 2024
    Understand the key components of strong authentication, and best practices to protect your organization and customer data.
    The CMMC Auditors View from the Field
    CMMC auditors see streamlines with IAM for DIB compliance
    Liz Revelas
    Oct 25, 2024
    CMMC auditors recognize IAM as crucial for securing DIB compliance. Identity management controls can protect CUI, national security, and affect contract revenues.

    Start Today

    Contact Sales

    sales@pingidentity.com

    +1 877-898-2905

    See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.