Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireSecurity Leadership and ManagementLogical SecurityCybersecurity News

Security considerations for passwordless authentication

By Dan Conrad
fingerprint

Image from Pixabay

October 20, 2022

With Apple, Microsoft and Google introducing passwordless authentication solutions, the end of the password is near for consumers. However, the enterprise world hasn’t followed suit despite credentials being responsible for nearly 50% of cyberattacks.

Many initial passwordless offerings focused on the user experience, but now can enhance security as well. From biometrics to link-based access, there are many network access strategies security leaders can use to protect their network from threats.

Types of passwordless authentication

It’s important to note that “passwordless” is just authentication via other methods and usually involves single sign-on (SSO). This concept can be taken to many levels. Network access can manifest in strategies involving SSO, or it can go completely passwordless through the use of:

  • Biometrics: Physical traits, such as fingerprint or retina scans, and behavioral traits, such as typing and touch screen dynamics, are used to uniquely identify a person. Even though modern artificial intelligence (AI) has enabled hackers to spoof certain physical traits, behavioral characteristics still remain extremely hard to fake.
  • Possession factors: This form of authentication is something that a user owns or carries with them. Examples include the code generated by a smartphone authenticator app, one-time passwords (OTPs) received via SMS, or a hardware token.
  • Magic links: The user enters their email address, and the system sends them an email with a link that grants access to the user.

Once authenticated, SSO is used for everything else, leading to more intelligent and ongoing authentication.

It’s how the technology is layered to produce the user experience and strengthen security that matters. For instance, users can initially authenticate to a laptop using any number of systems to include a username/password, which can then unlock a certificate to provide a passwordless experience to everything else.

Passwordless authentication creates a significant setback for bad actors

Passwordless authentication is harder to crack than traditional passwords, and it’s less prone to most cyberattacks. But, it's not impervious to hacking. The most sophisticated attackers will always find a way.

However, the tech continues to evolve into stronger and stronger authentication. Not only is the authenticator accepting (or rejecting) credentials, it’s evaluating them based on policies. Is the user in the same location they were the last time they authenticated? Are they accessing the same systems? Are they attempting to use an application they’ve not used previously?

Implementing passwordless authentication in your organization

When an organization deems itself a fit for passwordless authentication, security leaders should start the implementation by using a phased approach and identifying the organization’s “front door,” the main barrier keeping hackers out. If the workstation is the front door, then make sure there is some sort of strong authentication there. That doesn’t have to be a password, so it’s important to consider the following:

  • Pick the authentication mode: The first step is choosing the authentication factor. Some passwordless technologies range from fingerprints and retina scans to magic links and hardware tokens.
  • How many factors? Use of multiple authentication factors with or without passwordless as reliance on one factor, regardless of how safe it may seem, is not recommended.
  • Buy required hardware/software: Organizations may have to buy equipment to implement biometric-based passwordless authentication. For other modes, like magic links or mobile OTPs, they may only have to procure software.
  • Provision users: Once the organization has selected the authentication factor, it’s time to start registering people on the authentication system. This is an imperative step to ensuring only the right individuals have access within a network.

Strong authentication is essential to protect organizational data, people and property. With breaches nearly continuous in the news and most of them targeting authentication, organizations will be forced to look into better ways to authenticate. Since password breaches are common, it makes sense to go passwordless.

Looking forward from here, the industry may be moving to a completely passwordless authentication experience in the future, as long as confidence builds in the authentication mechanisms. That’s the key. Just like it was 10 years ago with cloud offerings, it's going to take time and a proven track record.

KEYWORDS: authentication biometrics multi-factor authentication password security passwordless

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dan Conrad is the AD Security and Management Team Lead at One Identity.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • passwordenews

    Is Passwordless Authentication the Future?

    See More
  • 5 mins with Tzur-David

    5 minutes with Shimrit Tzur-David - Developments in passwordless authentication technology

    See More
  • Fingerprint biometrics

    Biometrics lead passwordless authentication methods

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing