Understand passwordless
ForgeRock® Enterprise Connect and ForgeRock® Enterprise Connect Passwordless are add-on capabilities available for purchase for ForgeRock Identity Cloud and self-managed versions of ForgeRock Access Management. Contact your ForgeRock representative for more details on how these capabilities can enhance your organization’s security posture.
The term passwordless often has multiple meanings in today’s technological landscape. While complete passwordless is the final stage of a passwordless journey, not all organizations can move directly to this end state, and not all applications and systems can be in this state.
Where you are on your journey to passwordless depends on time and on whether your workstations, servers, applications, and systems can adopt passwordless technologies.
While Identity Cloud and Access Management let you use multi-factor authentication (MFA) or complete passwordless authentication for web and mobile apps, managed devices are often left unaddressed.
Devices such as:
- Windows workstations
- Non-Windows workstations and servers, such as Macs and Linux
- VPNs and databases
- Legacy systems
This is where Enterprise Connect and Enterprise Connect Passwordless come into play.
1. Passwordless Factor - Use a passwordless method, such as a push notification or a one-time passcode (OTP), as an additional authentication factor beyond a password. This is also referred to as second-factor or multi-factor authentication.
2. Passwordless Experience - Remove the password from the user experience and perform any password-based authentication securely in the background.
3. Complete Passwordless - Eliminate the need for passwords completely by authenticating users using passwordless factors or private-key cryptography.
Organizations want to be in a complete passwordless state; however, in some cases this is not feasible or may require a phased approach. For example, you may need to provide a second factor of authentication for users when they log in to their workstation to increase your security posture. This allows you to start the journey to passwordless using Enterprise Connect.
Another example could be that your legacy systems require passwords for authentication, or they cannot accommodate the new technologies and protocols that a complete passwordless state needs. In this scenario, the passwordless experience is what you need. It rotates passwords securely in the background, without the user needing to know their password. Implementing this option improves the user experience while also increasing the overall security of your organization. This allows you to continue on the journey to passwordless using Enterprise Connect Passwordless.
Should you use Enterprise Connect or Enterprise Connect Passwordless?
Enterprise Connect and Enterprise Connect Passwordless both offer solutions to move towards passwordless. Which solution you choose will depend on the needs and state of your organization.
Refer to the following table to assist you with your decision.
Product | Passwordless Factor | Passwordless Experience | Complete Passwordless | Description |
---|---|---|---|---|
Enterprise Connect | Yes | No | No | Enterprise Connect improves security and provides: |
Enterprise Connect Passwordless | Yes | Yes | Yes | Enterprise Connect Passwordless improves user experience, security and: |