Key Points
- Passwordless methods include hard tokens like YubiKey, mobile devices with FIDO2, and behavioral biometrics
- Passwordless authentication eliminates the need for users to remember or manage passwords
- Though it can be more secure, passwordless authentication can also be less secure when it is device-based and the device is stolen
Phone- or device-based FIDO2 authentication is one increasingly popular variety of passwordless authentication.
Quick Read
Individuals and companies alike are increasingly pursuing passwordless authentication workflows to replace older username-password methods for logging in and authenticating to computing resources.
The reason for this is that passwords are no longer as simple and easy to manage as they once seemed to be. In the early years of computing, when users had only one or two passwords to remember and the number of attackers was low, passwords were an obvious security solution.
Today, however, with most computing resources connected to the public internet, attacks and attackers are both massive in number and global in reach, so passwords must be stronger, which also means harder to type and harder to remember. Worse, with the rise of cloud computing, most users are no longer managing just one or two passwords, but rather dozens to many dozens.
As a result, passwords have become increasingly unmanageable as a method for controlling access to computing systems.
Passwordless solutions replace passwords with other identifiers that are easy to manage. Common passwordless solutions include hard tokens like YubiKeys, biometric authentication like fingerprint or face scans, proximity-based solutions that require a "known" authenticating device to be near the computing resource, behavioral biometric solutions that recognize users based on typing style, and FIDO2 workflows that may leverage one or a combination of these to prove identity in a standardized way.
FIDO2 in particular has done much to accelerate the adoption of passwordless forms of authentication by standardizing the ways in which passwordless solutions communicate with systems as they replace or supersede standard username and password prompts.
Note that passwordless solutions are not always a panacea; device-based passwordless solutions in particular are vulnerable to theft, especially small devices like YubiKeys that can easily be snatched and pocketed in the blink of an eye.
More to Know
Hard Tokens for Passwordless
Hard tokens like YubiKeys are easy to carry, easy to use, and comparatively inexpensive. However, they are also easy to misplace, easy to steal, and far easier than a mobile phone to inadvertently lose track of or leave behind.
Mobile Phones for Passwordless
Mobile phones that incorporate a fingerprint scanner and are configured as FIDO2 devices are increasingly popular as passwordless authenticators. This requires software, for example an SSO provider, that supports FIDO2.
