Frequently Asked Questions
What is Passwordless Authentication?
“Passwordless” is a way to gain access to something using characteristics inherent to a person or a piece of hardware that can’t be compromised, unlike a password. The idea is that it should be impossible for someone to impersonate another person using something unstealable, like a physical USB or a fingerprint.
What’s the Difference Between Passwordless and Credential Management?
Credentials control what a user has access to. Passwordless is the means by which they get access. Credential management is often a pain because multiple users need access to servers, databases and Kubernetes clusters, but there often isn’t a standard platform for admins to manage access across all of these systems. Companies need a unified control plane to manage all of these credentials and define necessary authentication methods.
Do I Have to Use Passwordless in a Zero Trust Model?
Zero trust means that you don’t trust anyone or anything. Just because someone has a password doesn’t mean they are who they say they are. Passwordless allows a system to efficiently authenticate that a user is who they say they are, which is why it’s a good idea to use it as part of your overall authentication process in a zero trust model.
How are MFA and Passwordless Authentication Related?
MFA is a digital identity verification method that adds one or more steps to the login process. It typically requires users to provide at least two distinct factors of authentication, such as something they know (e.g., a password), something they have (e.g., a hardware token) or something they are (e.g., biometric data). The main purpose of MFA is to prevent unauthorized access to an account or device, even if a password has been compromised.
Passwordless authentication, on the other hand, is a method of verifying a user's identity without the use of a password or knowledge-based factors. Instead of a password, the user authenticates using something they possess, such as a mobile device or a security key, or something they are, such as a biometric feature. Each time a user requests access, a new authenticating message is generated, eliminating the need to remember and manage passwords.
Both MFA and passwordless authentication can leverage biometric or possession factors to enhance security. Some systems also offer passwordless multi-factor authentication, combining the benefits of both approaches.
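The per-request "authenticating message" described above can be implemented as a public-key challenge-response. The sketch below is an added example, not BastionZero's code or any IdP's API. It assumes an Ed25519 key pair held by the authenticator, and the names `Verifier`, `enroll`, `respond` and `demo` are hypothetical.

```javascript
const crypto = require('node:crypto');

// Enrollment: the authenticator (security key or phone) creates a key pair.
// Only the public key is given to the server, so there is no shared secret.
function enroll() {
  return crypto.generateKeyPairSync('ed25519'); // { publicKey, privateKey }
}

class Verifier {
  constructor() {
    this.publicKeys = new Map(); // user -> enrolled public key
    this.pending = new Map();    // user -> outstanding single-use challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }

  // A new random challenge is generated for every access request.
  issueChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }

  // Accept only a valid signature over the challenge issued for this request.
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // consume it, so a captured response cannot be replayed
    if (!challenge || !publicKey) return false;
    return crypto.verify(null, challenge, publicKey, signature);
  }
}

// Authenticator side: sign the server's challenge with the private key.
function respond(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey);
}

function demo() {
  const server = new Verifier();
  const alice = enroll(); // constructed sample user
  server.register('alice', alice.publicKey);
  const sig1 = respond(alice.privateKey, server.issueChallenge('alice'));
  const firstLogin = server.verify('alice', sig1);
  server.issueChallenge('alice');                // the next request gets a new challenge
  const replayed = server.verify('alice', sig1); // old response presented again
  const impostor = server.verify('alice', respond(enroll().privateKey, server.issueChallenge('alice')));
  return { firstLogin, replayed, impostor };
}
```

The server stores only public keys, so a dump of its user table yields nothing that can be presented as a login, unlike a table of password hashes.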
What Are The Benefits of Passwordless Authentication?
The main benefits of passwordless authentication are reducing user friction, as users no longer need to remember, rotate or reset their passwords, and increasing security by replacing shared secrets with something stronger.
Can I Integrate My Existing IdP With BastionZero for Passwordless Authentication?
Yes! Many IdPs provide passwordless authentication out of the box. BastionZero currently integrates with Okta, OneLogin, Google, Microsoft and Keycloak, which all support passwordless authentication.