Password Less Authentication

A Password is supposed to provide a secure access to an account, and it acts as a security barrier to protect the account from an attacker. However, they are also the most common way by which Security is compromised.  

You can reduce your odds of being compromised by up to 99.9% by implementing multi-factor authentication (MFA). However, MFA can also lead to increase in complexity in terms of User Experience.  This is leading us towards Passwordless authentication.

Password-less authentication is a form of multi-factor authentication that replaces the password with a secure alternative. The device creates a public and private key when registered. The private key can only be unlocked using a local gesture such as a biometric or PIN. Users have the option to either sign in directly via biometric recognition—such as fingerprint scan, facial recognition, or iris scan—or with a PIN that’s locked and secured on the device.

Let’s discuss some of the ways in which we can implement a Password less authentication:

  1. Windows Hello for Business

  2. Microsoft Authentication app

  3. FIDO2 security keys

Introduced by Microsoft in Windows 10, Windows Hello uses biometric sensors or a PIN to verify a user’s identity. The Microsoft Authenticator app is a software token that allows users to verify their identity with a built-in biometric or a PIN when signing into their work or personal accounts from a mobile phone. You can now use portable FIDO2 hardware devices to log into a work machine or cloud services on supported devices and browsers.

Windows Hello for BusinessMicrosoft
Authenticator app
Fast Identity Online (FIDO) 2 security devices
Pre-RequisiteWindows 10, version 1511 or later
Azure Active Directory
Microsoft Authenticator app
Phone (iOS and Android devices running Android
6.0 or above)
Windows 10, version 1809 or later
Azure Active Directory
Systems and devicesPC with a built-in Trusted
Platform Module (TPM)
PIN and biometrics recognition
PIN and biometrics recognition on phone FIDO2 security devices that are Microsoft compatible
User experienceSign in using a PIN or biometric recognition
(Facial, iris, or fingerprint) with Windows devices.
Windows Hello
authentication is tied to the device; the user needs both the device and a sign-in component such as a PIN or biometric factor to access corporate resources.
Sign in using a mobile
phone with fingerprint scan, facial or iris recognition, or PIN.
Users sign in to work or personal account from their PC or mobile phone.
Sign in using FIDO2 security device (biometrics, PIN, and NFC).
User can access device based on organization controls and authenticate based on PIN, biometrics using devices such as USB security keys and NFCenabled smartcards, keys, or wearables.
Enabled scenariosPassword-less experience with Windows device.
Applicable for dedicated work PC with ability for single sign-on to device and applications.
Password-less anywhere solution using mobile phone.
Applicable for accessing work or personal applications on the web from any device.
Password-less experience for workers using biometrics, PIN, and NFC.
Applicable for shared PCs and where a mobile phone is not a viable option (such as for help desk personnel, public kiosk, or hospital team).

So, if your Company wishes to adopt a password less approach, do get in touch with us and we will be happy to work with you in deploying the same.



Our Solutions