A password is supposed to provide secure access to an account and act as a barrier that protects the account from an attacker. However, passwords are also the most common way by which security is compromised.
Password-less authentication is a form of multi-factor authentication that replaces the password with a secure alternative. When a device is registered, it creates a public and private key pair. The private key can only be unlocked using a local gesture such as a biometric or PIN. Users have the option to either sign in directly via biometric recognition—such as fingerprint scan, facial recognition, or iris scan—or with a PIN that’s locked and secured on the device.
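The registration and sign-in flow described above, as an added Go example that is not part of the original article or any Microsoft code: the device keeps the private key behind a PIN check, and the server verifies a signed one-time challenge using only the stored public key. The type and function names, the Ed25519 algorithm, the PIN value and the in-memory PIN comparison are assumptions made for illustration; real authenticators enforce the gesture in hardware such as a TPM.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device models an authenticator (hypothetical): the key is gated by a PIN.
type Device struct {
	priv ed25519.PrivateKey
	pin  string
}

// Register creates the key pair; only the public half goes to the server.
func Register(pin string) (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv, pin: pin}, pub, nil
}

// Sign unlocks the key with the gesture and signs the server's challenge.
func (d *Device) Sign(pin string, challenge []byte) ([]byte, error) {
	if pin != d.pin {
		return nil, errors.New("local gesture failed: key stays locked")
	}
	return ed25519.Sign(d.priv, challenge), nil
}

// NewChallenge returns a fresh random nonce for one sign-in attempt.
func NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c)
	return c
}

// Verify is the server side: it holds the public key and no shared secret.
func Verify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	dev, pub, _ := Register("4821") // constructed PIN
	c := NewChallenge()
	sig, _ := dev.Sign("4821", c)
	fmt.Println(Verify(pub, c, sig), Verify(pub, NewChallenge(), sig)) // true false
}
```

Because each sign-in uses a new challenge, a captured signature is rejected when replayed, and a breach of the server exposes only public keys.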
Let’s discuss some of the ways in which we can implement password-less authentication:
- Windows Hello for Business
- Microsoft Authenticator app
- FIDO2 security keys
Introduced by Microsoft in Windows 10, Windows Hello uses biometric sensors or a PIN to verify a user’s identity. The Microsoft Authenticator app is a software token that allows users to verify their identity with a built-in biometric or a PIN when signing in to their work or personal accounts from a mobile phone. You can now use portable FIDO2 hardware devices to log in to a work machine or cloud services on supported devices and browsers.
| | Windows Hello for Business | Microsoft Authenticator app | Fast Identity Online (FIDO) 2 security devices |
|---|---|---|---|
| Prerequisite | Windows 10, version 1511 or later; Azure Active Directory | Microsoft Authenticator app; phone (iOS and Android devices running Android 6.0 or above) | Windows 10, version 1809 or later; Azure Active Directory |
| Systems and devices | PC with a built-in Trusted Platform Module (TPM); PIN and biometrics recognition | PIN and biometrics recognition on phone | FIDO2 security devices that are Microsoft compatible |
| User experience | Sign in using a PIN or biometric recognition (facial, iris, or fingerprint) with Windows devices. Authentication is tied to the device; the user needs both the device and a sign-in component such as a PIN or biometric factor to access corporate resources. | Sign in using a mobile phone with fingerprint scan, facial or iris recognition, or PIN. Users sign in to work or personal account from their PC or mobile phone. | Sign in using FIDO2 security device (biometrics, PIN, and NFC). User can access device based on organization controls and authenticate based on PIN, biometrics using devices such as USB security keys and NFC-enabled smartcards, keys, or wearables. |
| Enabled scenarios | Password-less experience with Windows device. Applicable for dedicated work PC with ability for single sign-on to device and applications. | Password-less anywhere solution using mobile phone. Applicable for accessing work or personal applications on the web from any device. | Password-less experience for workers using biometrics, PIN, and NFC. Applicable for shared PCs and where a mobile phone is not a viable option (such as for help desk personnel, public kiosk, or hospital team). |