Passwords have not been fit for purpose for a long time. They are too easy to guess, crack, discover, and steal. Passwords are also costly and time consuming to manage, and password reuse is a major problem. However, after talking about getting rid of passwords for years, it is beginning to happen at last, thanks to advances in technology and standards that are finally making passwordless authentication a real option that is practical and scalable.
The fact that the Passwordless Authentication market is dynamic, exciting, and competitive means that organizations no longer have any excuse for not ditching passwords and replacing them with more secure and user-friendly authentication options.
In fact, it could be argued that there is no time to waste because the security risks around password-based authentication have never been greater, and they are continuing to rise with each passing day.
Compromised passwords are currently one of the biggest risks to cyber security, because once an attacker is in possession of a legitimate credential, they have unfettered access to targeted networks and systems. This gives attackers ample opportunity to install backdoors and other malware, inventory data assets, and even exfiltrate data without detection.
Going passwordless should be a top priority for all organizations because by eliminating this flawed authentication method along with other legacy authentication methods such as mobile SMS codes, push notifications, and one-time passcodes (OTPs), they can ensure that they will remain secure, compliant, and competitive, while at the same time improving the end user experience.
The continuing and increasing shift to remote and hybrid work will contribute to further adoption of Passwordless Authentication solutions and services by both workforce and customers. It is evident that some vendors provide nearly every feature one would need in a Passwordless Authentication service, while others are more specialized, and thus have different kinds of technical capabilities. For example, some smaller vendors are targeting mobile operators, the government-to-citizen (G2C) market, and small and medium-sized enterprises (SMEs).
Every organization, therefore, should be familiarizing themselves with the current passwordless authentication market and the latest generation of solutions that support a wide range of authenticators, public key cryptography, biometrics, comprehensive APIs, legacy applications and services, and a variety of trusted recovery options.
The Passwordless Authentication market is growing rapidly, with vendors offering mature solutions that support millions of users across different industries including finance, healthcare, government, insurance, manufacturing, and retail. It is therefore essential for organizations to choose the right passwordless solution that meets their unique requirements and needs around security, user experience, and technology stack.
— Alejandro Leal, Research Analyst, KuppingerCole.
Because we understand the importance of moving to passwordless authentication methods, and because we are committed to helping your business succeed, KuppingerCole has a great deal of content available in a variety of formats.
Research
Get an overview of available passwordless authentication solutions and guidance on how to choose the product or service that best meets your needs by looking at this recently published Leadership Compass on Passwordless Authentication.
Several other Leadership Compass reports touch on passwordless authentication. For an overview of passwordless authentication options, have a look at the Leadership Compass on Identity as a Service (IDaaS) - IGA. Passwordless authentication options for consumers, in particular, are covered in the Leadership Compasses on Consumer Authentication and CIAM Platforms.
For a wider perspective, with reference to the enterprise, have a look at this Leadership Compass on Enterprise Authentication Solutions and this one on Access Management.
Advisories
A key enabler of passwordless authentication is mobile biometrics. For more information on this topic, read this advisory on Mobile Biometrics for Authentication and Authorization.
Audio/video
If you would prefer to listen to what our analysts and other experts have to say on this topic, listen to these conversations on How to Combine Security And Convenience and the Future of Authentication, or these Analyst Chats on Getting Rid of the Password, Enterprise Authentication, and Innovation in CIAM.
Eliminating passwords was a key theme at the 2022 KuppingerCole European Identity and Cloud (EIC) conference.
Discover how modern identity and access management can help eliminate passwords by watching this EIC presentation entitled: A Blueprint for Achieving a Passwordless Reality.
Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable by watching this presentation entitled: Going Passwordless and Beyond - The Future of Strong Authentication.
The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. To find out the state of passwordless authentication from the FIDO perspective, watch this presentation on The State of Passwordless Authentication.
Learn more about the innovations in authentication of today and about what changes are on the horizon by watching this panel discussion on The Future of Authentication and this panel discussion on Overcoming SMS OTP: Secure passwordless MFA with your mobile phone.
And to find out about the latest authentication trends based on KuppingerCole's latest analysis of the Enterprise Authentication and Access Management market, have a look at this presentation on Trends in Enterprise Authentication.
Eliminating passwords was also a key topic at the 2021 KuppingerCole Cybersecurity Leadership Summit, which included this presentation on What Does a Passwordless Future Look Like?
Blogs
The development of new authentication standards and new products, devices, and services built on those standards is essential to enable enterprises to move away from password-based authentication. For some keen observations on Microsoft’s introduction of passwordless sign-in support for Azure Active Directory using FIDO2 authentication devices, read this blog post entitled: Passwordless for the Masses.
Webinars
Several webinars have been dedicated to ways of eliminating passwords, such as the webinar entitled: We Need to Talk About Passwords – Urgently! Have a look at the recording of this webinar to see how your passwordless strategy needs to be carefully considered and integrated into existing architecture.
To help you on your journey towards eliminating passwords, have a look at this webinar on The Path to Going Passwordless, and for more insights on how to use Azure Active Directory in these efforts, have a look at: Managing Azure AD – Regardless of How You Use It.
Organizations with a need for high levels of identity assurance and security should consider a combined approach of passwordless MFA. To learn more about this topic, have a look at this webinar entitled: Eliminate passwords with Invisible Multi-Factor Authentication.
Eliminating passwords improves security, but to effect fundamental change, organizations must start with the customer experience. To find out what that means in practice, have a look at this Webinar entitled: A Customer-First Approach to Identity-Based Authentication and this Webinar entitled: Passwordless Customer Authentication: Reduce Friction and Increase Security.
Eliminating passwords is about improving security, but it is also about identity. Both of these things are at the heart of the Zero Trust approach to security. If you would like to find out more about the relationship between passwordless authentication and Zero Trust, have a look at these webinars:
- What Does the Future Hold for Passwordless Authentication and Zero Trust?
- The Passwordless Enterprise: Building A Long-Term Zero Trust Strategy
- Technological Approaches to a Zero Trust Security Model
Whitepapers
Eliminating passwords is also touched on in several whitepapers. For recommendations on how to go about planning to go passwordless, have a look at this Whitepaper entitled: Planning for a "Passwordless" future.
Passwords remain the source of friction and security risk for customer authentication solutions. To find out how to improve security and customer convenience at the same time, have a look at this Whitepaper on Customer authentication with zero-friction passwordless authentication.
Desktop authentication is becoming an increasingly critical component of cyber security. Find out more by reading this Whitepaper entitled: Simplifying and Strengthening Authentication with Passwordless Desktop MFA.
Device trust is essential and must be incorporated into the security posture of any organization. Only then will passwordless authentication become a cornerstone of zero trust approaches. Read more on this topic in this Whitepaper entitled: The Future is Passwordless. If you do it right.
For a useful perspective on Identity API Platforms and an overview of the key capabilities of the Auth0 platform in terms of going passwordless, have a look at this whitepaper entitled: Do Identity Right - So Your Digital Business Strategy Succeeds.
For insights on moving to passwordless authentication, have a look at this Whitepaper that discusses an approach to operationalizing validated identity data for enterprise workforce use, entitled: A World with Validated Identities and this Whitepaper entitled: A Passwordless Future Begins with Credential Management.
Tech Investment
Organizations investing in technologies to support passwordless authentication can have a look at some of the related technology standards and solutions that we have evaluated:
- FIDO2
- Beyond Identity Secure Work
- Beyond Identity Secure Customers
- HYPR Passwordless and Phishing-resistant Authentication
- BehavioSec
- WSO2 Asgardeo
- NRI SecureTechnologies: Uni-ID Libra 2.4
- Keyless Biometric Authentication
- Widas ID GmbH cidaas
- BeyondTrust Endpoint Privilege Management
- HID Global Authentication Platform
- Auth0 Platform
- Auth0 Customer Identity Management
- Microsoft Azure Active Directory
- Indeed Certificate Manager
- iWelcome IDaaS and CIAM
- SecureAuth IdP