Why Passwordless MFA From the CTO’s Chair

Don Shin | June 12, 2023

Steve Giovannetti, CTO of Hub City Media, shares his thoughts.

I have always been a big fan of Steve, affectionately referred to as Gio by his friends. I am not quite in that circle yet, but I am working on it. I find Steve to be a straight shooter and, without question, an identity expert and well-respected in the industry.

Coincidentally, I ran into Steve two weeks in a row, first at ForgeRock Live, the company’s annual customer event in Austin, TX, and then the following week at Identiverse 2023, now held in Las Vegas.

We got to talking about the passwordless theme running throughout Identiverse. That theme started with the first keynote, where Andrew Shikiar from the FIDO Alliance gave an interesting talk linking the successes, failures, and lessons learned from past major technology shifts to “Making FIDO Inevitable.” Good talk, worth a listen when the event folks post the recording.

I, too, am one of those who believe FIDO is the future. But FIDO still has challenges to overcome to be broadly used for the workforce. And the gaps are not lost on the FIDO Alliance Enterprise Working Group. Specifically, FIDO is limited to WebAuthn and its browser-based web apps. Cool, but what about all the corporate apps and services that drive the rest of our businesses?

Since I had Steve’s attention, I asked him if I could record him addressing the foundational questions IT leaders have when starting the journey from vulnerable passwords to phishing-resistant passwordless MFA:

First Question: Why passwordless MFA? 

Second Question: What holds IT leaders back from going Passwordless MFA?

Third Question: Why Secret Double Octopus Passwordless MFA?

 

Bravo, Steve. Good insights from a wise identity expert.