Did you know that in 2019, approximately 23 million breached accounts had used the password “123456” to protect their sensitive data? Yes, 23 million. And that’s not the only frequently used password that made the list. Weak passwords have been a long-standing problem for organisations globally for decades and, in fact, it’s estimated that 81% of data breaches involve weak or stolen passwords. So why do we still rely on them?
With it taking less than a second to crack the most common and easy-to-remember passwords, it’s more vital than ever for organizations to implement robust identity and access management solutions to protect their users, accounts, and sensitive data from password-related attacks. Many organizations are eliminating passwords from the mix altogether by addressing the issue at its root, and are starting to implement passwordless methods of authentication. But what can be classed as passwordless?
While we use “passwordless authentication” as an umbrella term, the sub-types within this can be split into solutions we at Expert Insights consider “semi” passwordless, and “true” passwordless. “Semi” passwordless solutions include certain types of Single Sign-On (SSO) and Multi-Factor Authentication (MFA), where the password itself still exists, but where users can log on to all connected accounts password-free via one connected portal, or sign in using alternative methods of authentication—such as biometrics and authenticator apps. “True” passwordless, on the other hand, means that the password itself doesn’t exist—instead the user’s account was created using passwordless methods. This method heavily relies on FIDO2 standards and public-key cryptography to authenticate users.
So, let’s jump into it. We’ve put together a list of the top 10 passwordless authentication solutions for organizations looking to reduce password usage and simplify the log-in process for users. We’ve evaluated these based on SSO capabilities, methods of passwordless authentication available, policy management, and reporting capabilities.
The Top 10 Passwordless Authentication Solutions Include:
- Entrust | IBM | LastPass | Microsoft | Okta | OneLogin | Ping Identity | Secret Double Octopus | Thales | Yubico
A scalable portfolio of identity and access management products
Entrust is a global credential issuance and digital security vendor. Operating in more than 150 countries and trusted by more than 10,000 customers, Entrust helps provide seamless and secure digital experiences to users globally. Entrust Identity is their identity and access management portfolio. Comprised of three products designed for cloud, on-premises and SMBs—Identity as a Service, Identity Enterprise, and Identity Essentials—the portfolio is designed to form a strong foundation that enables organizations to implement a Zero Trust framework, while removing friction for users and securing identities and assets. Products cover a breadth of use cases, and capabilities of this portfolio include secure MFA, mobile authentication, SSO, and passwordless authentication.
Entrust Identity products enable users to secure access to their accounts using various types of passwordless authentication, supported by secure multi-factor authentication. Methods of passwordless authentication include digital certificates, IP-geolocation, device authentication, one-time passcode tokens, display cards, grid authentication, biometrics, knowledge-based authentication, mobile authentication and credentials, and SMS soft tokens. Entrust’s approach is mobile-first, establishing trust in not only users but their devices too. To do so, the solution creates a secure digital identity on the user’s mobile device using a PKI credential, which can then be unlocked by using the device’s built-in biometric authentication capabilities. Once the user has been authenticated in this way, they can leverage passwordless SSO across their connected devices via Bluetooth connectivity—but only while in close proximity to their devices.
The Entrust Identity portfolio is designed to be scalable to meet customers’ evolving needs, as well as able to support numerous use cases and deployment specifications. The solution can be deployed in the cloud, on-premises, or as a managed service, and includes out-of-the-box integrations with leading applications. As well as this, the solution integrates seamlessly with existing infrastructure, enabling organizations to build a central repository for user identities using existing directories. Entrust Identity is suitable for organizations in all industries—including finance, government, education, healthcare, and more—and is best suited for enterprise organizations looking for a flexible and scalable portfolio of identity management products, or SMBs looking to enable Zero-Trust through multi-factor authentication with their Essentials product.
IBM Security Verify
Cloud-based Zero Trust access and identity management, including passwordless authentication, MFA, and SSO capabilities
IBM is a leading security vendor offering a stack of enterprise security solutions. Currently serving clients in 170 countries globally, their robust portfolio of security products enables organizations to manage risk and protect users, data, and applications against emerging threats. IBM Security Verify for Workforce—formerly known as Cloud Identity—is IBM’s scalable, multi-tenant, cloud-based product that provides Identity-as-a-Service for users. The product includes SSO, MFA, passwordless authentication, context-based and adaptive access, user management, and identity analytics.
Federated SSO eliminates the need for multiple passwords by enabling users to log in to all accounts across desktop and mobile using one set of credentials. MFA enables users to secure their accounts using passwordless methods of authentication, including biometrics, QR codes, FIDO2-compliant security keys and tokens, authenticator apps, SMS one-time passwords, and via IBM Verify mobile app push notifications. Using the Verify mobile app, users can leverage the built-in biometric authentication within their devices, approving a push notification using their fingerprint, for example. Alternatively, users can use an access code to verify their identity via the app. Admins can view risk scores for users, applications, and entitlements and leverage mitigation actions recommended by machine learning, as well as manage users and implement access policies.
IBM’s Security Verify is a highly rated Software-as-a-Service platform that’s built for scalability and supports an array of methods of passwordless authentication. Users rate the platform as flexible and stable, and note that it supports a wide range of use cases. The cloud-based platform can also help to simplify cloud migration by providing one platform that extends access across the cloud and on-premises web applications. Security Verify is well suited for organizations across all industries—including finance and manufacturing—and we’d recommend the solution for enterprise-sized organizations looking to implement cloud-based Zero Trust identity management, with fully automated passwordless authentication, risk-based MFA, and SSO.
SSO, MFA, and secure password-free access
LastPass is a leading vendor in identity and access management, known primarily for their consumer and enterprise password management solution. Trusted by 25.6 million users and 70,000 organizations globally to secure their accounts and sensitive data, LastPass provides organizations with secured access, control, and visibility across all accounts. Key features of their platform include SSO, MFA, password management, and security reports. Of the four tiers they offer, LastPass Identity is the most comprehensive, encompassing all the best features of the lower three tiers in one enterprise-focussed solution. The Workstation Login feature provides a password-free experience for users across all work devices, while simultaneously enabling password management for security teams—meaning strong passwords can be used and shared securely, but don’t ever need to be remembered by users.
To provide a passwordless experience, LastPass Identity offers a built-in password generator, a secure password vault, autofill on applications and browsers for pre-saved credentials, SSO that integrates with more than 1,200 apps, MFA, and password-sharing capabilities. As well as this, instead of signing in using a username and password, Workstation Login will prompt users to verify their identities using the LastPass MFA mobile app—creating a more secure and password-free experience. Users can verify their identity using biometric authentication and contextual factors, offering a seamless user experience while still allowing admins full control and visibility over stored passwords. For security teams, the admin dashboard centralizes reporting, policies, and user management, provides a holistic view across the organization, and enables customizable and granular controls.
LastPass Identity is easy to deploy and integrates with user directories like Azure Active Directory. Users praise this solution as easy to set up and use, reliable, and convenient, and they highlight the password autofill feature as a particularly useful and time-saving tool. LastPass Identity is an ideal solution for ensuring ease of account access for end-users while maintaining strong security, and is suitable for organizations across all industries. We’d recommend this solution for SMBs and mid-size enterprises looking for an equally user-friendly and secure solution.
Microsoft Azure Active Directory
Robust passwordless authentication solutions for Office 365
Microsoft’s Azure Active Directory (Azure AD) is an industry-leading cloud-based identity and access management solution for Office 365 and connected applications, currently trusted by 425 million users globally to secure access to their apps, devices, and data. The platform offers features including SSO, MFA, and conditional access to enable users to log in easily and securely, and provides options for passwordless authentication. To log in password-free, organizations can choose from three methods of authentication, depending on their requirements. These include Windows Hello for Business, the Microsoft Authenticator app, and FIDO2 security keys. Azure AD is currently offered in four levels, and passwordless authentication, alongside MFA and SSO, is available in all of them.
SSO can be password-based or SAML-based, and provides users full access to associated accounts without needing to enter a password. MFA not only adds an additional layer of security to the log-in process, but enables users to log in password-free using Windows Hello for Business, the Microsoft Authenticator mobile application, FIDO2 security keys, hardware/software tokens, or SMS/voice codes. Windows Hello empowers users to log in using a single gesture, leveraging built-in biometric authenticators within their devices, as well as PIN credentials. The Microsoft Authenticator app replaces passwords with push notifications that are sent to users’ devices and require approval from the user, often using biometric controls. As well as this, admins can manage identities and implement policies for granular access control, alongside real-time adaptive policies with conditional factors to limit risk.
Microsoft offers a catalog including thousands of pre-built API-based integrations, and Azure AD is widely supported by third parties globally, allowing you to easily enroll O365 users in hundreds of third-party applications and services. Azure AD is a popular and highly rated solution, praised by users as an easy to use, simple to integrate, effective, scalable, and secure solution that’s reliable for all use cases. Some users note that its plethora of capabilities can be difficult to learn how to use, and it’s important to be aware that some of its capabilities are only available in higher tiers and can’t be licensed standalone, which can confuse the pricing structure. Azure AD is suitable for organizations across all industries, and is best suited for enterprise businesses looking to implement a robust and secure passwordless authentication solution.
Okta Workforce Identity
Fast and easy passwordless authentication across all managed applications
Okta is a market leader in identity and access management, currently serving more than 10,000 organizations globally. Their Software-as-a-Service identity management platform is flexible and scalable, enabling businesses to secure access to their cloud accounts and applications while simplifying log-in, and supporting more than 7,000 integrations. Okta’s Workforce Identity suite of products includes MFA, SSO, and universal directory, as well as reporting and device management, alongside other useful features. Organizations can tailor their packages to fit their specific business needs by combining various modular components within the Workforce Identity suite. Okta enables passwordless authentication by supporting authorization by email magic links, factor sequencing, FIDO2-supported standards (such as secure keys and biometrics), smartcards, and SSO.
Part of the Workforce Identity suite, Okta’s Devices includes FastPass to enable a consistent passwordless log-in experience across all devices. To use FastPass, users only need to register their device to Okta’s universal directory via the Okta Verify app. They can then use biometrics to unlock the app and gain access to any Okta-managed application. FastPass can also be combined with Device Trust, which ensures passwordless log-in is only available on managed devices. Other key features of Okta’s solution include device context to limit in-app actions and enable device-based access policies, remote sign-out, device visibility, a universal directory providing a consolidated view of all users, centralized user management and mobile device management, and in-depth reporting capabilities.
Okta’s solution ranks highly for its passwordless capabilities and user experience. End users find the solution easy to use, convenient, reliable, and stable, and feel confident that their information is secure when using the platform. The platform currently supports more than 7,000 integrations with applications in the cloud and on-premises. Okta’s solution is suitable for enterprise customers across all industries; they offer flexible and scalable solutions for all passwordless use cases.
OneLogin Workforce Identity
A comprehensive stack of identity and access management products including SSO, MFA, and certificate-based authentication
OneLogin is a leader in identity and access management, trusted by more than 2,000 organizations globally to manage access to their accounts, applications, and data. OneLogin’s Trusted Experience Platform offers a comprehensive suite of products with a range of capabilities. The Workforce Identity stack enables fast, simple, and secure access for employees, while offering identity lifecycle management and access controls for admins. The suite includes Secure Single Sign-On, SmartFactor Authentication, advanced directory, and access management controls and capabilities.
Passwordless authentication is enabled via SSO, MFA, and certificate-based trust. SSO enables one-click access to all connected applications, whether on-premises or cloud-based. Methods of passwordless authentication available as part of MFA include email, SMS, voice, biometrics, Google Authenticator, FIDO2-compliant security keys, the OneLogin Protect authentication app, and more. Using the OneLogin Protect app, users can easily and quickly log in by approving a push notification sent to their trusted device. As well as this, the OneLogin Desktop module leverages certificate-based authentication to enable passwordless log-in. This means users can authenticate by simply logging in to their operating system using their device password, as this is coupled with the installed OneLogin Desktop certificate.
The OneLogin Trusted Experience Platform can be deployed in the cloud, on-premises, or in hybrid environments, and features a catalog of more than 6,000 pre-integrated apps. The platform is highly rated for ease-of-use for both end-users and admins, and is secure and reliable. The platform also supports 25 languages—meaning organizations with a global presence can provide localized content for employees. This platform is best suited to mid-size and enterprise organizations across all industries looking for a comprehensive and reliable passwordless solution.
Ping Identity Workforce360
Market-leading identity and access management platform
Ping Identity offers a stack of highly rated solutions that provide seamless and secure user access for customers globally. With a focus on enterprise customers, Ping Identity currently manages over two billion identities through their identity and access management platform. Enabling admins to control user access from one centralized platform, their Workforce360 solution is a package of identity services that includes SSO, MFA, directory services, adaptive policies, and more.
Alongside SSO, which allows users to access all accounts via one employee dashboard, and MFA, which helps users prove their identity safely and conveniently and can be deployed anywhere, Workforce360’s PingZero feature offers a passwordless sign-on experience. PingZero enables users to safely eliminate passwords from their log-in experience and instead use passwordless methods of authentication—such as push notifications, biometrics, and FIDO-enabled factors. Alongside this, the Workforce360 platform leverages artificial intelligence that detects anomalous behavior and signs of account compromise, provides adaptive and contextual authentication policies, a highly scalable user directory, and end-user self-service capabilities.
Ping Identity’s Workforce360 is rated highly by users as an easy-to-use, reliable, and effective platform that’s easy to configure and provides greater options for MFA due to the wide range of methods of authentication available. The solution can be deployed on-premises or via the cloud—including AWS, Google, and Azure—as well as on Ping Identity’s PingCloud. With current customers including those in finance, healthcare, public sector, manufacturing, and technology, this solution is suitable across all industries—but is best suited to larger enterprise-sized organizations looking for secure and convenient identity and access controls.
Secret Double Octopus
A passwordless SSO and MFA solution helping organizations eliminate passwords from their log-in processes
Secret Double Octopus offers a passwordless authentication solution that aims to eliminate the use of passwords within organizations. Their platform offers passwordless SSO and MFA, enabling users to access their accounts quickly and easily with zero passwords involved. The solution enables users to access workstations, remote services, cloud applications, and on-premises systems seamlessly, while any passwords are managed automatically by the Octopus Authentication technology. This means that while users can access applications without passwords, the solution still enables organizations to generate and manage strong passwords for legacy systems that depend on them.
The solution works by offering both SSO and MFA for organizations. The SSO portal can be deployed on-premises or in the cloud, and enables users to access their accounts and applications from one comprehensive platform. MFA works across all systems and applications, while organizations can choose the method of authentication they’d like to use—including FIDO2 authenticators, third-party MFA, and the Octopus Authenticator app. To verify their identity, users must approve an authentication request using the built-in biometric authenticators on their devices, or use a FIDO2-compliant authenticator. For admins, a real-time dashboard provides centralized management of user log-in activity and user metrics.
Secret Double Octopus’ solution is scalable, user-friendly, and convenient. Users praise this solution as easy to implement and reviews note that it’s effective in solving the issue of having to remember complex passwords. Implementation includes standards-based integration, out-of-the-box compliance, simple configuration, and service integration templates to help admins set up the service, as well as remote distribution to users and self-service enrolment. This solution is suitable for organizations across all industries, and is best suited for mid-sized to enterprise organizations looking for a user-friendly solution to help eliminate passwords from their users’ log-in process.
Thales SafeNet Trusted Access
Scalable and flexible SSO and MFA solutions, offering an array of methods of authentication for users
Thales is a well-established technology company providing solutions across critical industries globally. Digital identity and security is a key market in their portfolio, and more than 30,000 organizations leverage Thales to verify identities, grant access, analyze information, and encrypt data. In 2019, Thales acquired identity security company Gemalto—which acquired SafeNet in 2015—enabling them to leverage Gemalto’s Trusted Digital ID Services platform and offer the SafeNet Trusted Access solution. SafeNet Trusted Access is a cloud-based, multi-tier, multi-tenant access management solution that combines SSO, MFA, and scenario-based access to enable organizations to simplify access, centralize identity management, and provide passwordless authentication for users.
SafeNet Trusted Access offers numerous ways to implement passwordless authentication. Smart SSO enables users to log into all their accounts and applications via one seamless portal, thereby limiting the number of passwords they need to use and remember, as well as offering flexible conditional access policies. MFA provides a broad range of passwordless authentication methods, including push one-time passwords, biometrics, pattern-based authentication (GrIDsure), PKI credentials, Google Authenticator, FIDO2-compliant hardware security keys and smartcards, context-based authentication, and more. Thales’ MobilePass+ app can be used on iOS and Android platforms, as well as Windows desktops, to enable users to authenticate using their device’s built-in biometrics or Windows Hello. The solution comes with fully automated management of users, permissions, and tokens, and provides admins with a comprehensive dashboard and customizable reporting capabilities.
SafeNet Trusted Access is quick to deploy and scalable, and includes more than 150 out-of-the-box integrations. Users rate the solution as easy to deploy and manage, reliable, user friendly, and secure. Many also appreciate the ability to implement different methods of authentication for varying use cases, and praise the MobilePass+ app as particularly useful for not-so-tech-savvy users. The solution is suitable for organizations across all industries—including those in finance, healthcare, critical sectors, and governments—and is best suited for SMBs and Enterprises seeking a scalable and flexible solution with multiple options for authentication.
Portable and durable hardware keys to help secure and simplify users’ log-in process
Yubico is rated highly in the identity and access management space, serving millions of end-users in 160 countries and providing access to nearly 1,000 apps. Their mission is to simplify the login process, balancing security and usability, while addressing the security vulnerabilities that come with software authentication. YubiKey is a robust portable hardware key that provides access to devices, networks, applications, and online services in one touch. With multiple different keys currently offered at a range of price points, organizations can invest in the solution that best meets their specific needs with regards to devices and which accounts they want to secure.
The YubiKey is designed to be easy to use, fast, and reliable, as well as crush- and water-resistant, and doesn’t require batteries or a network connection to function. Using this secure key, organizations can achieve passwordless authentication—eliminating passwords and using FIDO2 open authentication standards—or can use it to implement strong multi-factor authentication, supporting one-time passwords, smart card authentication, and more. To use the YubiKey to access devices and accounts, users only need to insert and touch their key if using a computer, or tap on the back of their device if using a mobile phone. If users prefer using authenticator apps, Yubico also offers their Yubico Authenticator app which enables users to store their credentials on their YubiKey rather than on their mobile device.
The solution supports both cloud and on-premises systems. Setup is simple—users don’t need to install anything, and admins can either pre-enroll users or allow them to self-enroll. Overall, users find the YubiKey safe, convenient, reliable, and versatile. Some reviews express concern over how easy the device may be to lose due to its small size, and how costly keys can be to replace if lost—but most report they have used the same key for multiple years with no issues. We recommend this solution for enterprise customers in finance, retail, healthcare, government, and internet services. This solution is best suited for enterprise organizations looking to further secure their log-in processes.