The good, the good-old and the biometric: 5 Passwordless options compared

Dror Arie Head of Engineering @ GlobalDots
6 Min read

Passwords are obsolete.

Memorizing long and complicated passwords has been holding back businesses for over 50 years, while cyberattacks are evolving every day. ¹ In fact, Google has registered over 2 million phishing sites as of January 2021. The figure is up from 1.7 million in January 2020, a 27% increase year on year. ² On top of that, the latest Verizon 2021 Data Breach Investigations Report states that 61% of breaches utilize compromised credentials.

Now, with remote work becoming a new norm for many professionals, and with both small companies and international corporations hiring talent from around the globe, demand increases for platforms and software that simplify the login process, while simultaneously enhancing enterprise security. Many of those solutions promise to free the organizations completely from passwords and their increasing TCOs. Only this June, Transmit Security announced a $543 million Series A. Transmit’s appless biometric authenticator, named BindID, leverages a device’s built-in face or fingerprint scanner.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

But is Transmit’s solution all that special? Let’s have a closer look at the passwordless trend and its different interpretations.

Passwordless Authentication Methods Today

Passwordless authentication is certainly a step forward in enterprise security and can help safeguard sensitive data from cyberattacks.

The main benefits of a passwordless authentication process are evident:

  • Time is money in business, and passwordless authentication can eliminate the time it takes the user (and the IT team) to reset passwords internally. According to recent data, entering or resetting passwords has an average annual cost of $5,217,456 per company in labor cost. ¹ Going passwordless therefore has a considerable bottom-line impact.
  • High staff turnover can take up a considerable amount of your time and resources as a business, especially around deprovisioning and provisioning of accounts and passwords. Passwordless authentication is often more efficient and secure and not as demanding on your IT department.
  • Passwordless authentication makes user authentication far less prone to phishing attacks, data leaks, or passwords being leveraged by former employees. Simply put – it’s more secure.

So, what are the different types of passwordless authentication available for implementation today?

  • Biometric Authentication – Biometrics such as fingerprint scanners, face scanners, or retinol scanners can help a business protect itself from cyberattacks. However, biometric data is typically stored in databases, which can be hacked. So, additional cloud security measures need to be in place, such as encryption to strengthen your level of security. Best suited for organizations who prioritize their employees’ time and convenience, as well as those who need a fast passwordless authentication experience. The ideal solution for fast-growing tech companies and those who support their teams with smartphone devices and laptops able to accommodate biometric authentication.
  • PIV/Smart-card-based authentication – A common and fairly long-running cyber security strategy used by the healthcare industry and governments worldwide, employees are given a smart card in order to access a device and work. While this is far better than a password, smart cards can be lost, misplaced, forgotten, stolen, or duplicated.
  • Device Trust – A passwordless login method that can be applied to both desktop and mobile devices, usually by push notifications to the authenticator app. A user already signed in can determine whether to ‘trust’ the device attempting to sign in. Should a distracted user accept a device without carrying out due diligence, this can put a business at significant risk of cyberattacks.
  • Magic Links and OTPs – This method usually involves the allocation of a One-Time Password, whether the user actually sees it or not. The user either gets a combination of characters they have to type in, or a sign-in link sent to their inbox or as a text message. These passcodes & links usually have only a few minutes usage window, after which they expire to prevent the abuse if the mailbox or mobile phone are hacked.
  • Multi-factor – Also known as two-factor authentication, it combines a number of passwordless authentication methods to increase the user’s level of security. This may involve receiving a one-time code to your smartphone device or an email magic link to sign in, combined with touchID, for example. ³

Empowering Your IAM Solution with a Passwordless Authenticator

One of today’s most advanced IAM platforms (also considering integration catalogue and level of workflow automation) is Okta. With Okta’s integrated Single Sign-On and Adaptive Multi-Factor Authentication solutions, organizations can take advantage of risk evaluation derived from context, i.e. user, location, device, or network. This means you can restrict access from high-risk login attempts and require one or more strong authentication factors – none of them is necessarily a password. Managed, secure and compliant devices can sign in, but unknown and unregistered devices will be subject to multi-factor authentication. Should malware be detected, future login attempts will be denied from a particular device.

Okta also has a FastPass solution to improve user experience, ideal for companies who hire freelancers, contractors, and remote workers. Users can sign in on any device, reducing the frustration and time needed to reset or change passwords. This solution will be available soon, and will further enrich Okta’s passwordless offering. Read more about it in our fresh new eBook: Move Beyond Passwords.

Now, let’s review the top vendors that already integrate with Okta to create a passwordless MFA+SSO experience.

HYPE

Use HYPR to transform a smartphone device into a FIDO Token. FIDO-Certified, HYPE offers a platform powered by Public-Key Cryptography and Open Authentication Standards. Backed by Samsung, Mastercard, and Comcast, it can help businesses minimize phishing, fraud and enhance business security. HYPR also eliminates fragmented identify infrastructure, unifying all of your remote login experiences, allowing companies to protect themselves online while permitting remote work.

Veridium

Veridium uses biometrics such as face and fingerprint identification to restrict and permit user access. A secure MFA-backed solution, it allows users to authenticate apps and secure transactions at scale efficiently. Used within the finances, healthcare, and government sectors, it allows for rigorous security protocols which support highly-demanding compliance requirements.

Secret Double Octopus

Secret Double Octopus offers user-friendly MFA deployable both in cloud-native and legacy environments. Instead of entering a password, users simply approve an authentication request delivered in the form of cryptographically secure push notification to their mobile authenticator app, or FIDO2-compliant authenticator. Layering biometric authentication to access the authenticator itself results in passwordless MFA. Able to integrate with a wide range of apps such as Okta, Slack, HubSpot, Digital Ocean, salesforce, and WordPress, it is ideal for technology and eCommerce businesses.

Conclusion

With vulnerabilities identified in the current passwordless authentication methods, does the future of cyber security promise a higher level of security that will empower businesses and employees?

Well, the security sphere is certainly reactive in its response to cyberattacks, and there are plenty of new and innovative vendors offering advanced passwordless authentication alternatives. The problem is, analyzing each individual offer and deciding if it’s a good fit for your unique business model can take time. And, failing to choose the right option in a world where passwords are becoming obsolete means putting your business at risk.

With so many options available, it can feel a little daunting to analyze each and every passwordless authentication provider on your own. At GlobalDots, we invest a significant amount of time and resources testing this category’s most cutting-edge vendors. With our expert insight, we pinpoint the best passwordless authentication provider for your business use case. You no longer need to conquer the quest for supreme enterprise security alone.

A world leader in implementing B2B cloud and web innovation, we have helped over 500 business clients integrate enterprise-grade security solutions. Our team considers compatibility and integration depending on your architecture, headcount, and industry. By using a seasoned and certified integration partner like GlobalDots, you earn complete peace of mind that the implemented solution is bespoke to your unique business needs.

Upgrade your level of cloud security by introducing passwordless authentication and integrating today’s most potent IAM platforms.

Latest Articles

Embark on Your Cloud Security Journey with GlobalDots CNAPP and its New CIEM Capability

Imagine being the captain of a vast space station, floating in the endless cosmos. Your station is filled with various facilities, each serving its unique purpose, and inhabited by astronauts, each following their own set of rules. Without a proficient system to manage these rules, chaos could reign. An astronaut might accidentally enter a restricted […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
27th July, 2023
Long-Term LastPass Breach Sounds Alarm For Static Credentials

LastPass’ password management service has introduced millions of users to the convenience and security of unique passwords. Across mobile and browser, LastPass promises a near-passwordless experience for millions of individuals and over 100,000 businesses. However, recent news threatens to drop a bombshell on credential-based security.  The Year-Long LastPass Dual Breach  In August 2022, LastPass released […]

Beshoy Halim Cloud Engineer @ GlobalDots
2nd March, 2023
It’s time to get rid of passwords!

In addition to being outdated, passwords create frictions and hassles for workflows, teams, and users. We enable the complete elimination of passwords, securely and with an optimal user experience – by implementing the latest IAM & CIAM innovative solutions.  We are using a technology called FIDO2 (Fast ID Online) Authentication – new passwordless authentication method that relieves credentials […]

Nesh (Steven Puddephatt) Senior Solutions Engineer @ GlobalDots
10th November, 2022
GlobalDots Partners With Transmit to Make Passwords Extinct

As we rely more and more on online services, managing passwords becomes increasingly challenging. Compromised passwords lead to account takeovers, which pose existential threats to customer-facing businesses. Account takeovers led to an estimated $11.4 billion in losses in 2021, caused mostly by compromised passwords. GlobalDots, a cloud innovation leader, partners with Transmit Security, a leading […]

GlobalDots
8th September, 2022

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

Unlock Your Cloud Potential