Introducing The PingOne for Customers Passwordless Solution

The race towards offering a seamless, out-of-the-box passwordless solution is underway, and PingOne for Customers Passwordless is at the starting line.

We're very excited to introduce PingOne for Customers Passwordless, a cloud-based passwordless solution that effortlessly caters to all customer identity types, at scale, with minimal setup required. This empowers enterprises to swiftly create and implement passwordless authentication methods for customers and deliver smoother experiences without compromising security. PingOne for Customers Passwordless supports various use cases, from quick registrations via social media single sign-on (SSO) to a range of passwordless options like email magic links, OTPs, and advanced methods like FIDO biometric authentication using passkeys, and more!

More on that to come. But first, a brief history lesson on passwords and passwordless authentication to address the sequence of events that inspired this new solution.

Although you’re likely already way too familiar with the vast range of pitfalls associated with passwords, I’d be remiss not to lay a proper foundation by addressing this topic. So – to level set – let’s briefly extol the shortcomings of passwords and the merits of passwordless authentication.

Customers want fast and frictionless experiences yet also expect organizations to secure their personal information. This has led organizations to pursue implementing passwordless experiences for customers.

Given the plethora of problems associated with passwords, this should come as no surprise. For one, the average person has 191 services that require them to authenticate via traditional passwords or other credentials according to the report "From Exposure to Takeover" by Digital Shadows Photon Research Team. That’s a lot to manage, especially as the rules behind them continue to get more complex and cumbersome. In fact – a study of US consumers showed that, on average, a consumer abandons 16 online purchases a year due to password frustration¹. Additionally, passwords pose security risks, as evidenced by the fact that 80% of breaches involve brute force attacks or lost or stolen credentials². Simply put, traditional passwords are neither secure nor user-friendly and are probably adding friction to your sales processes and preventing your business from capturing revenue.

Meanwhile, the outcomes of passwordless authentication are the inverse of traditional passwords, given its potential to strengthen customer security and drive higher revenues through increased engagement and lower abandonment rates. As a result, it’s no wonder that pursuing passwordless for customers is all the rage as of late.

To summarize, traditional passwords are essentially obsolete, and passwordless authentication for customers is an obvious win/win that all organizations are likely already implementing.

Right?

Unfortunately, despite its potential to improve both customer security and experience, there is a caveat – it turns out that successfully configuring and deploying the right passwordless scenarios to customers into your applications and websites can be exceedingly challenging for a multitude of reasons. To illustrate this conundrum, a recent passwordless survey in which 600 IT Leaders were interviewed found that:

• On the one hand, 100% of the participants reported that they fully recognized the benefits of passwordless.

   

• But on the other hand – in that same group – 83% of the respondents with no current plans to go passwordless admitted that they had concerns about implementing it in their environment.

So what’s holding them back?

Although security professionals generally already know that they should go passwordless, there are a lot of barriers to doing so, with three of the most common and relevant blockers being:

Integration Challenges: Integrating a passwordless solution carries extensive implications. Frequently, application teams are unprepared for such shifts because they demand substantial alterations to custom code. This translates to the need for extra development resources, time, and funding, all of which are often limited.

Accommodating Various User Scenarios: Organizations often must accommodate various customer identity types while also adhering to industry-specific and geographical regulations in certain instances. These different organizations often require distinct authentication methods. For example, whereas banks may prioritize security with FIDO2, retailers may prefer less secure but more frictionless authentication scenarios, such as email magic links. Meanwhile other organizations may prioritize enabling customer choice, for example by allowing customers to choose whether they would prefer to authenticate via email or SMS OTPs, or push notifications through mobile apps.

Either way – this drives home an important point which segues to roadblock number three:

Lack of Out-of-the-box Passwordless Solutions: Passwordless is not a single solution per se, but rather one that requires customized integrations of multiple different products and technologies. With every organization being different and possessing distinct technology and user scenario needs, going passwordless can get very granular and complex demanding tailored integrations across various products and technologies. As such, there is no single standardized blueprint for going passwordless. Instead, every organization generally requires its own uniquely customized approach.

For many, the combination of 1) development resource constraints and 2) the necessity to adapt to diverse user scenarios and their specific use case requirements, in addition to 3) the absence of ready-made, plug-and-play solutions, represents a significant obstacle to pursuing passwordless that frequently impedes adoption efforts.

PingOne for Customers Passwordless was explicitly designed to address the unique challenges organizations face when selecting and implementing passwordless authentication methods for their customers. It combines a no-code, drag-and-drop orchestration engine with passwordless flow templates, single sign-on (SSO), multi-factor authentication (MFA), user management, and risk services. This allows administrators to swiftly design, test, and deploy various out-of-the-box passwordless registration and authentication experiences for diverse customer identity types, all at scale, with minimal manual setup.

In addition to foundational Ping Identity Services, key features of PingOne for Customers Passwordless also include:

1. Pre-built Passwordless Flow Templates: Start quickly with pre-built templates for passwordless flows, including user journeys for registration, authentication, and device enrollment and management.

    

2. Passwordless Getting Started Experience: Rapidly test various passwordless user journeys without manual configuration or custom coding, thanks to the PingOne Solution Designer.

    

3. Password to Passwordless Migration Experiences: Gradually migrate password users to passwordless authentication without compromising security.

    

4. Default Policies for Risk and Authentication: Begin with pre-configured policies for risk and authentication, aligning with industry best practices.

    

5. Real-time Threat Detection: Evaluate real-time user activity, assign risk scores, and implement mitigation policies to prevent identity fraud.

    

6. Secure Self-Service Profile Management: Offer customers pre-built profile management flow templates to manage their accounts, preferences, and trusted devices.

Additional capabilities, benefits, and features of PingOne for Customers Passwordless are addressed in greater detail in the solution’s Technical Brief and the Datasheet.

PingOne for Customers Passwordless includes out-of-the-box pre-built DaVinci flow templates that align with the most common customer passwordless use cases. These templates are designed to facilitate different passwordless customer authentication and are offered within DaVinci as well as selections an administrator can test within the Getting Started Experience. When an admin selects one of the passwordless options, the flow within PingOne DaVinci is activated and ready to test in the PingOne sample application.

PingOne for Customers Passwordless can create passwordless user journeys that leverage all available authentication methods supported within the PingOne Cloud Platform and pre-built passwordless flow templates for the following authentication methods:

• Email Magic Link

• SMS OTP

• Email OTP

• FIDO2

Leveraging these pre-built flow templates enables out-of-the-box customer registration and authentication experiences for common passwordless scenarios. This allows practitioners to quickly design, deploy, and optimize seamless and secure customer journeys that utilize all their organization’s identity services.

Administrators can choose the passwordless experiences that are right for their users and test them in a simple wizard that uses pre-built orchestration flows from PingOne DaVinci to yield the following benefits:

• Eliminates the tedious process of spending days and hours defining technical requirements while manually configuring their preferred passwordless authentication solutions.

   

• Removes the ‘where to start’ problem and renders obsolete the ‘no one-size-fits-all’ approach to going passwordless that administrators typically face by guiding them through a series of selections that are right for their goals.

Figure 1. Leverage pre-built DaVinci flow templates that enable out-of-the-box customer passwordless registration and authentication experiences.

The Passwordless Getting Started Experience is a solution designer that enables administrators to quickly test various end-user experiences within a few clicks. It provides an intuitive interface that utilizes pre-built passwordless orchestration flows. This empowers practitioners to swiftly design and test secure and frictionless passwordless customer experiences with just a few clicks and in minutes rather than days or even weeks to effectively save materially significant time and resources.

Here's how it works:

The Passwordless Getting Started Experience is a simple wizard that guides administrators through the essential steps to set up their passwordless solution quickly. Administrators can customize their passwordless solution and test them immediately within an embedded sample app, including selecting customer authentication experiences and profile management options.

Admins begin by choosing one of two registration experiences:

1. Offer Passwordless: Ideal for migrating existing users who already have a password to a passwordless experience within an existing application.

    

2. Require Passwordless: Suited for new applications or those without existing users who have passwords. Users will be prompted to transition to passwordless methods, including email and SMS OTP, email magic links, FIDO2 biometric authentication, or social login.

Figure 2. Admins select one of the two above registration experiences, each corresponding to different user journeys with additional selection options in subsequent configuration sections.

Admins can then select the passwordless options they wish to test, covering registration, authentication, profile management, and account recovery. This allows you to design and test your passwordless solution, including the availability of various MFA methods for your users.

Figure 3. Next, admins can select which passwordless options they want to test in their environment. These steps include registration, authentication, profile management, and account recovery. This will allow practitioners to customize and configure their passwordless solutions, including choosing which MFA methods you’d like to make available to your customers.

Lastly, self-service capabilities enable users to securely manage their preferences across all devices and customize their accounts without needing support.

Figure 4. Self-service capabilities also allow users to securely manage their preferences across all their devices and customize their account without contacting support.

To recap, the passwordless solution experience enables practitioners to bypass the typically cumbersome and tedious process of defining technical requirements while manually designing their preferred customer passwordless authentication solutions from scratch. Instead, administrators can simply choose from multiple out-of-the-box, pre-built orchestration flows, test them in a sample application, and then ultimately deploy them to their customers.

When it comes to implementing passwordless authentication for customers, the days of hiring an army of developers to spend months stitching together a patchwork solution made up of non-natively integrated tools are over. PingOne for Customers Passwordless is a pioneer in the era of out-of-the-box, pre-integrated solutions. It provides teams a simpler way to get started when solving a not-so-simple problem, like going passwordless, and it drastically lowers the barrier to entry by starting from multiple pre-built components, including orchestration flows and policies. PingOne for Customers Passwordless is the first of its kind and stands in a class of its own as a game-changing solution that drastically lowers the barrier to entry of implementing passwordless for customers.

Modern problems require modern solutions. The combination of Ping Identity’s best-in-class IAM services, pre-built passwordless orchestration flows powered by PingOne DaVinci, and the Passwordless Getting Started Experience’s intuitive interface streamlines the most challenging facets of delivering passwordless authentication to customers by directly addressing IAM teams’ most prominent passwordless challenges by allowing them to:

• Streamline previously complex manual processes through the ability to design and test secure and frictionless passwordless customer experiences with just a few clicks and in minutes rather than in days or even weeks.

   

• Select the best passwordless experiences for their environment, the specific use cases in question, and, most importantly, their customers' needs.

   

• Save time and money by dramatically reducing development efforts, effectively freeing up resources to focus on other critical initiatives.

Want to learn more? Check out PingOne for Customers Passwordless, visit the PingOne Cloud Pricing page, or contact your Ping Identity representative today.

¹ 16 Online Purchases Abandoned Every Year Due to Password Frustration: iProov, 2020, Source

² Verizon 2020 Data Breach Investigations Report; Source