a good thing!
Passwordless authentication is a way of verifying a user’s identity without using a password. This type of authentication isn’t a specific type of technology, but rather, a goal or desired outcome.
Passwords are becoming outdated and are often the weakest link in protecting digital resources. Not only are they hard to remember, often reused, and need to be changed frequently, but for many IT departments, password support and maintenance are often their largest expense.
Replacing passwords with more secure authentication factors makes it much more difficult and expensive for attackers to be successful. For example, with FIDO (Fast Identity Online), the first open identity standard created to support passwordless authentication, user credentials never leave the device and are not stored on a server, which reduces vulnerabilities to phishing, password theft, and replay attacks. Additional authentication mechanisms, like risk signal tracking and device trust, make passwordless authentication methods even more secure.
But perhaps most importantly, passwordless authentication improves the user experience. Passwords present a host of usability problems that translate to poor experiences. It's much easier for users to provide a fingerprint or speak into a microphone than it is to remember and keep track of passwords. The best part is that much of the authentication process is done behind the scenes and users are blissfully unaware that it’s even happening.
Passwordless authentication occurs when authentication factors other than passwords are used to access digital resources. One or more of these factors can be used:
Note that passwordless authentication is not necessarily the same thing as multi-factor authentication (MFA). With multi-factor authentication, users are required to use two or more factors to prove that they are who they claim to be, and one of these factors could involve a passwordless authentication method. With passwordless authentication, users might be required to use only one factor, but that factor is not a password. If authentication requires more than one passwordless factor, it’s considered passwordless MFA.
There are a variety of passwordless authentication methods and technologies available, and an infinite number of ways they can be used and combined to protect digital resources. Some methods are easy to implement and might be appropriate for accessing resources that do not contain sensitive information, while other methods provide robust security mechanisms but are more expensive to implement. All situations are unique.
For example, passwordless authentication methods are often used in the financial services industry due to the sensitivity of the data involved. In these two use cases, several different passwordless authentication methods are used to access account information.
To access a gift card balance, a retail company requires that users create a new account using their email address and password. The first time the customer accesses their account balance information from a new device:
Additional security might be required to access more sensitive information. For example, if an insurance adjuster needs to access her client’s records, her identity could be authenticated using a variety of passwordless methods.
Authentication could involve sending a push notification to a phone-based authentication app, which uses fingerprint or facial recognition.
If for some reason, this method doesn’t work, a fallback authentication method, such as using a YubiKey could be used. Because the YubiKey is a FIDO authenticator and therefore not tied to a phone or laptop, the adjuster could use a PIN to unlock the authenticator and gain access. Security is maintained, and productivity isn’t negatively impacted. To learn more, watch the webinar.
To learn more about FIDO protocols and how they work, see FIDO (Fast Identity Online).
See how Ping can help you deliver secure employee and customer experiences in a rapidly evolving digital world.
Request a free demo
Thank you! Keep an eye on your inbox. We’ll be in touch soon.