Passwordless authentication

Passwordless authentication removes the need for traditional passwords, replacing them with secure, user-friendly methods such as passkeys, biometrics, or one-time codes. This reduces the attack surface and creates a smoother login experience.

Why it matters
Passwords are vulnerable to phishing, reuse, and brute-force attacks. Eliminating them strengthens security while improving convenience.

Key capabilities

  • Passkeys and biometrics – Support FIDO2/WebAuthn, fingerprint, and facial recognition
  • One-time codes and magic links – Provide backup login methods without static passwords
  • Policy flexibility – Let admins define preferred authentication options per audience
  • Fallback options – Ensure access continuity with secure recovery paths

Outcomes

Organizations that implement passwordless authentication achieve:

  • Stronger security by removing passwords from the attack surface
  • Faster login experiences that improve user satisfaction
  • Lower support costs by eliminating password reset requests

Design principles

  • Encourage passkey enrollment early, with a clear fallback method
  • Provide multiple passwordless options to cover varied devices and users
  • Balance security with convenience to drive adoption
  • Regularly review usage data to refine policies

Where to configure

Compliance note

Passwordless authentication supports MFA requirements and helps satisfy regulatory expectations for strong user identity assurance.


FAQ

What is a passkey?

A passkey is a FIDO2/WebAuthn credential stored securely on a user’s device and used for passwordless login.

Do users still need a fallback method?

Yes. Providing OTP or recovery codes ensures users can regain access if a device is unavailable.

Does passwordless work on all devices?

Most modern devices and browsers support passkeys and biometrics. For older systems, fallback methods are available.

Can administrators control which methods are available?

Yes. Policies can specify which passwordless methods are enabled for specific groups or applications.