Understanding passwordless authentication.

Passwordless Authentication is the Future

Authenticating users without passwords is an identity security practice that uses two or more identification factors such as a hardware key and biometrics, eliminating the need for a traditional password. Because these other factors don’t have to be remembered, generally cannot be copied or stolen and are more secure, passwordless authentication can improve security and simplify user authentication.

Passwords are a Critical Attack Vector

With over 80% of data breaches being related to weak or stolen passwords, credentials and secrets, cybersecurity must start with password security. Passwords are frequently the only thing protecting confidential business plans, intellectual property, network access, employee census information and customer data.

Despite this, employees and contractors often use weak passwords and reuse them. Moreover, organizations are unaware of the existential threat posed by the dark web, where cybercriminals trade more than 20 billion usernames and passwords stolen in public data breaches and use them to target websites, applications, databases and systems.

They do this because they know that more than 60% of the time, employees and contractors reuse the same password or use commonly stolen passwords on multiple websites, applications and systems.

The Need for Multi-Factor Authentication

The first step in mitigating this risk is the acknowledgement that every organization should be using an Enterprise Password Manager to ensure users are using strong, unique and secure passwords, enforce policies, enhance authentication security and provide auditability and governance.

However, using strong passwords is not enough to protect systems and to ensure the users accessing a system are who they say they are. Multi-factor authentication is a very powerful tool to improve identity security. Multi-factor authentication is recommended as a best practice by the US National Institute of Standards and Technology (NIST) to reduce risk.

The factors that can be used for authentication fall into three categories:

  • Something you know - This can be a password, a date, a name or any other information that is likely to be known by the user trying to authenticate
  • Something you have - This can be a key, a digital certificate, a device or something that is unique and cannot be duplicated
  • Something you are - This can be a unique characteristic of an individual: a fingerprint, an iris scan or another unique biometric.

Passwordless authentication can be achieved when an identity system allows users to authenticate using two factors (2FA) or more, none of which include something the user knows. For example, a hardware key and a fingerprint.

Authentication Factors

  • Something You Know: Password, PIN Code, Picture
  • Something You Have: RSA Token, Hardware Key, One-Time Password (OTP) Token
  • Something You Are: Fingerprint, Retina Scan, Face Recognition

Implementing Passwordless Login with Keeper Security

Keeper supports several 2FA methods that include “something you have” and “something you are” factors. Supported 2FA methods include Keeper SMS, Duo Security, RSA SecurID, time-based one-time password (TOTP) applications such as Google Authenticator, and Keeper DNA-compatible wearable devices like the Apple Watch or Android Wear.

Keeper SSO Connect®, which is included in Keeper Enterprise, seamlessly integrates with all popular passwordless authentication platforms, including Trusona, Veridium, HYPR, Secret Double Octopus, Traitware and PureID.

Logging in with FIDO and WebAuthn Authentication

Keeper also supports FIDO2 secure authentication methods. FIDO stands for Fast IDentity Online. It is a set of standards for simpler, stronger authentication that define an open, scalable and interoperable set of mechanisms that reduce reliance on passwords.

WebAuthn is the Web Authentication API specification written by the World Wide Web Consortium (W3C) and FIDO, with the participation of many technology industry leaders. The WebAuthn API allows user authentication via public key cryptography instead of a password.
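The public-key login described above, reduced to the checks a server makes on a WebAuthn-style assertion. This is an added example, not Keeper's code or code from the original page: the origin, relying-party ID and look-alike domain are constructed, and the hardware key is simulated in software with a P-256 key pair.

```javascript
const crypto = require('crypto');

const ORIGIN = 'https://vault.example';   // assumed origin of the real site
const RP_ID = 'vault.example';            // assumed relying-party ID
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Stand-in for browser + authenticator: signs authData || SHA-256(clientDataJSON).
// flags: 0x01 = user present (UP), 0x04 = user verified (UV, e.g. fingerprint).
function signAssertion(privateKey, challenge, origin, counter, flags = 0x05) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  const authData = Buffer.concat([sha256(new URL(origin).hostname), Buffer.from([flags]), ctr]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying party: returns 'ok' or the reason the assertion is rejected.
function verifyAssertion(cred, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (!Buffer.from(client.challenge, 'base64url').equals(expectedChallenge)) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  const flags = a.authData[32];
  if (!(flags & 0x01)) return 'user not present';
  if (!(flags & 0x04)) return 'user not verified';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  if (!crypto.verify('sha256', signed, cred.publicKey, a.signature)) return 'bad signature';
  const counter = a.authData.readUInt32BE(33);
  if (counter <= cred.signCount) return 'counter did not increase';
  cred.signCount = counter;   // remember the highest counter seen
  return 'ok';
}

// Constructed run: one registered key, four login attempts.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const cred = { publicKey, signCount: 0 };  // all the server stores; no shared secret
  const c1 = crypto.randomBytes(32), c2 = crypto.randomBytes(32);
  const good = signAssertion(privateKey, c1, ORIGIN, 1);
  return {
    login: verifyAssertion(cred, c1, good),
    replay: verifyAssertion(cred, c2, good),
    phished: verifyAssertion(cred, c2, signAssertion(privateKey, c2, 'https://vault-example.test', 2)),
    noBiometric: verifyAssertion(cred, c2, signAssertion(privateKey, c2, ORIGIN, 2, 0x01)),
  };
}
```

The server holds only a public key, so a breach of its credential store yields nothing that can be replayed, and the UV flag is how the "hardware key plus fingerprint" combination is visible to the server as two factors.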

Combining FIDO with WebAuthn allows using a mobile device as an authentication factor. The video below shows how a mobile user logs in to his mobile Keeper vault using a YubiKey and a mobile device as the two authentication factors with no passwords.

Passwordless Login with Password Vaulting and Auto Login

In today’s world, where most users do their daily jobs on SaaS applications that have their own authentication mechanisms, it is hard to move to a true passwordless model. However, once a user is authenticated into their own personal secure Keeper vault, they can access all their applications without having to generate, remember, or enter passwords. This is a passwordless login experience.

The user selects the URL for the system they need to authenticate to, and the Keeper application automatically fills username and password, and completes the login process in about a second, without any interaction from the user.

Getting Started with Passwordless Authentication

Implementing passwordless authentication can improve security and user convenience. It is one of many security practices that modern organizations must follow, including role-based access controls, governance, auditing, and compliance reporting.

To learn more, get a personalized demo, or to get started with Keeper Security, please contact sales or start a free trial for your team.

Passwordless Login can be a Solution to Some Authentication Security Problems.
