Relentless Identity Attacks Require Strong Passwordless Authentication

Part 1

Organizations are rapidly modernizing their identity and access management solutions and adopting authentication along their digital journey. But how exactly has authentication evolved through digital transformation? How do you balance removing risk and delivering an improved user experience for customers and the workforce who need access to systems, data, and apps?

In Part 1, Matt Ulery, Chief Product Officer at SecureAuth and guest speaker Merritt Maxim, Vice President, Research Director at Forrester Research explore how the authentication journey has evolved through a digital transformation. They address how adversaries preying upon desires to create a frictionless user experience.

With trends continuing to show a greater push for all digital transactions and growing risks and fraud concerns forcing companies to consider new authentication methods. Mat and Merritt analyze how:

• Passwords/credentials remain the most common vector for data breaches  
• User’s expectations are always changing; it is important to not just benchmark against direct competitors, but also have a Best in Class user experience. 
• Linkage is needed with line of business to understand their expectations/metrics for growing business, and how authentication might affect that (e.g. if new user enrollment is a key metric, what effect would requiring stronger authentication have?) 

Part 2

How quickly is the adoption and deployment of passwordless authentication for consumers and the workforce becoming a reality? What are the key considerations for passwordless? In Part 2, Matt Ulery Chief Product Officer at SecureAuth and guest speaker Merritt Maxim, Vice President, Research Director at Forrester Research, explore the tangible technical implementations and experiments with passwordless from the perspective of the user demand side and the vendor in 2023, and beyond.

To make the passwordless journey successful, including how to deploy it, educate users and get it up and running without friction in as many applications as possible, Matt and Merrit dive into:

• How vendors address this, – via SDKs, APIs, or toolkits (in JavaScript, PHP, Python, etc.)  
• How to have the right endpoint hardware support. Passwordless should have a consistent approach for how credentials are securely stored on devices and how passwordless can provide login to the device itself.  
• How flexible available options are, and the current barriers to authentication. 
• Today’s most prominent passwordless deployments. The availability of passwordless has been adopted by major standards and now, FIDO2 (most notably the W3C’s WebAuthn specification) shows real promise in making passwordless accessible for more organizations. Other standards such as OpenID Connect and SAML for SSO are also relevant to passwordless deployments.