Passwordless secure login
If your administrator has set up passwordless with FIDO2 WebAuthn as your second factor, read on to discover how secure you are when logging in without a password.
Username and password go together like peanut butter and jelly. So, when you hear that you can log in without a password, you might worry that “no password equals no security.”
In fact, the opposite is true.
Before you log in to a resource, such as Office 365, SecureAuth runs adaptive risk checks in the background. The risk checks analyze the device you’re using to log in, your location, IP address, and more to ensure you are who you say you are and to stop attackers. To learn how adaptive risk analysis works, watch this one-minute .mp4 video:
Passwordless login provides several options to verify your identity, such as fingerprint recognition, face scan, security key, or one-time passcode on your phone. Passwordless login is secure, but here are a few doubts you might experience:
- I just enter my username and I’m in?
You don’t need to remember a password, but you do enter a second factor. Tap a security key, use your fingerprint, receive a one-time passcode on your phone, or complete the method your administrator set up.
- How secure is this, really?
It’s natural to think that not entering a password is unsafe. Remember, those adaptive risk checks are running in the background to keep attackers out. You’re good to go without a password!
- Am I in?
It might feel strange not entering a password to log in. You might think you don’t have permission to access a resource, but you have. You’re in!
- What else do I need to do?
You are so used to entering a password that you might think you failed to complete a step, but you didn’t. You’re in!