Passwordless authentication

Passwordless authentication is a way of validating users’ access to a system without them having to remember a password or any other information.

A rising challenge facing system designers is that access to systems needs to be slick, and in many cases, devices are small and do not have traditional keypad interfaces. As a result, new and secure means of access need to be established.

What is it?

Any authentication system that uses something other than a password to verify identity.

What’s in it for you?

Passwords offer poor security and are often inconvenient. Passwordless approaches may solve that.

What are the trade-offs?

This is a fast-changing area, with no one single ‘best’ approach.

How is it being used?

This is ideal for systems where form factors mean passwords are impractical.

What is it?


Instead of passwords, identity can be verified based on a “possession factor,” which uniquely identifies the user. This could be a one-time password generator, a registered mobile device, a hardware token, or a person’s biometric signature, based on something physical and unique such as a fingerprint, face, or retina.


Passwords are risky and not very secure: people often mislay them, reuse the same one multiple times, or don’t create a secure one in the first place. There’s also a cost in managing passwords well. They need secure storage, they need to be recycled safely and periodically, and they slow down the user experience in accessing systems.

What’s in it for you?


Passwordless authentication can deliver a better consumer experience and lower IT overheads in the maintenance of password systems. Password resets remain a significant part of the work done by IT helpdesks — so offering an alternative may free up your staff to tackle more valuable work.


You can also reduce risks — password-only systems are fundamentally risky. User-chosen passwords tend to be weak and are often reused, which increases the chances of them being compromised. Adopting a passwordless approach prevents the types of attacks based on intercepting credentialed communications.

What are the trade-offs?


Biometric technologies are changing and improving all the time. If you invest in passwordless authentication, you can expect to have to upgrade your tech on a regular basis — far more frequently than you would with passwords. The efficacy of methods such as facial recognition is subject to issues such as the quality of the cameras being used, which are often out of your control.

How is it being used?


It is used in environments where passwords are too slow, cumbersome, or inconvenient. Many consumers are accustomed to using password alternatives — such as fingerprints and facial recognition — to unlock their mobile devices. And it’s likely that new technologies, with novel form factors and methods of interaction, will expand the use of passwordless authentication.
