What does password-free mean?
As the word suggests, passwordless login means you can log into an account without having to enter a password. You then use alternative authentication. Think of the possibility of logging in with fingerprint or facial recognition.
Through which methods can you switch to passwordless login?
There are 2 ways for a company to offer passwordless authentication to employees:
- A single sign-on experience on websites thanks to SAML (a standard for signing in to cloud applications).
- With a hardware token (via the FIDO2 standard), which allows you to log in via USB, bluetooth, NFC ... Similar to Windows Hello facial recognition.
With passwordless login, you definitely need to consider user experience and security. For example, if you plan to use password-only logins, you obviously cannot work without a password. Using MFA via SMS is insecure and not recommended. And when using authentication via a push message without an additional method, hackers can still use MFA bombardment to force users to accept the push message.
Will passwords disappear then?
No, that won't happen any time soon. And for these reasons:
- Even for accounts where you can log in passwordlessly, you still need to set a password first. If the alternative login method doesn't work, you still need your password as a backup.
- Just because you use a particular app both on mobile and on your laptop does not mean you can use the same login method on both devices. For example, you can use your fingerprint on mobile, but still have to enter your password on your laptop.
Since passwords are not yet immediately a thing of the past, a password manager a handy tool. This application remembers your passwords for you and even generates new passwords if you are momentarily out of inspiration. Log into your password manager with MFA to launch your websites from there and log in automatically.
Key conclusions on passwordless authentication
- "Passwordless" means that you do not enter a password, but it does not mean that the password no longer exists.
- Passwords will continue to exist. So you better make sure you manage them properly.
- SAML is a good way to provide password-free single sign-on access to cloud applications.
- FIDO2 tokens can provide a great user experience and security for computer logins, but usually at a higher price.
- A password manager can provide users with a better and passwordless experience for applications that do not support MFA.
Do you have any questions about this topic? If so, please feel free to contact us.