Defining passwordless authentication Passwordless authentication is any method of verifying a user’s identity that does not require the user to recall and enter a password. Instead of passwords, proof of identity is performed based on possession of something that is uniquely linked to the user (e.g. a one-time password generator, a registered mobile device, or...

Most new technologies require businesses to tradeoff benefits and disadvantages. Passwordless authentication is one of those rare cases where there is no tradeoff. There are no pros and cons – it is simply a superior alternative to passwords. It offers better security, better user experience and is cheaper to own and operate.  But like any...

By now, there is a growing number of passwordless authentication solutions in the market. New and established authentication vendors are offering solutions, each highlighting different use-cases and strengths. Some authentication solutions are built to authenticate customers, for example authenticating bank account owners to their bank. Others are focused on authenticating employees to business systems and...

Multi-factor authentication (MFA) has been the prevailing solution to address the inherent vulnerabilities of passwords, but the added security it provides comes with a significant costs to own and operate, and is hated by users. Passwordless authentication is reshaping MFA and redefining what it means. What is multi-factor authentication? Combining multiple forms of authentication for...

Phishing is one of the oldest tricks in the attack book. It is a simple social engineering attack that is cheap and easy to carry out, and has never failed to deliver results for attackers. With more and more interactions moving online, opportunities for attacks have seen explosive growth, so it is no wonder that...

Authenticating users to a company’s network domain is synonymous with enterprise authentication. The network domain is the IT’s technical term for the company network, and authenticating users to the network, and the various business resources connected to it, is really what enterprise authentication is all about. The domain controller is the authentication service that sits...

Once a company crosses the chasm and decides to go passwordless, then the goal should be passwordless for everything. But dropping passwords from legacy systems and apps can be tricky, as they are hardcoded to require a password and there is no easy way to upgrade or fix them to take a different authentication credential....

The outcome for passwordless authentication should be a passwordless workplace. Users should no longer have to use passwords for anything – not rarely, not as a fallback, not with some apps. They should be able to get everything done, from anywhere, using their passwordless authentication solution. Authentication use-cases for a typical enterprise Supporting the full...

The need for remote access solutions to allow remote employees to access business systems and applications has been around for a long time. During the COVID pandemic, this need has exploded. Authenticating the identities of users requesting access has been top-of-mind for defenders charged with preventing the next data breach. Passwordless authentication is changing how...

Traditionally, the security perimeter formed around a company’s IT resources defined the access permissions given to users. Anyone within the perimeter was trusted and therefore allowed access. Anyone outside the perimeter was untrusted and special authentication measures were required before allowing access. In practice this translated to anyone working from the office, connected to the...

What is the FIDO standard?  FIDO (“Fast IDentity Online”) Alliance is an open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords [src: www.fidoalliance.org]. To-date, the FIDO Alliance published three sets of specifications in an effort to standardize user authentication.  FIDO...