---
title: Passwordless Authentication Methods
description: The PingOne for Customers Passwordless solution offers the following passwordless authentication methods, which each have advantages and disadvantages.
component: pingone-solutions
page_id: pingone-solutions:pingone-customers-passwordless:ciam_passwordless_authentication_methods
canonical_url: https://docs.pingidentity.com/pingone-solutions/pingone-customers-passwordless/ciam_passwordless_authentication_methods.html
revdate: January 24, 2024
section_ids:
  email-magic-link: Email magic link
  one-time-passcodes-email-and-sms: One-time passcodes (email and SMS)
  fido2-biometrics-passkeys-security-keys: FIDO2 (biometrics, passkeys, security keys)
---

# Passwordless Authentication Methods

The PingOne for Customers Passwordless solution offers the following passwordless authentication methods, which each have advantages and disadvantages.

## Email magic link

An email magic link *(tooltip: \<div class="paragraph">
\<p>A passwordless authentication method that involves the authentication service sending a single-use sign on link to the user by email or SMS.\</p>
\</div>)*, also known as a magic signon link or passwordless sign-on link, is a convenient way to sign on to an online service, website, or application without entering a traditional username and password. Instead, it relies on a unique link that's sent to the user's email address, which acts as a one-time authentication token.

| Use cases                        | Benefits                          | Challenges                         |
| -------------------------------- | --------------------------------- | ---------------------------------- |
| Web applications                 | Reduced password fatigue          | Email security concerns            |
| Mobile apps                      | Lower support costs               | User skepticism                    |
| Temporary or infrequent sign ons | Mobile-friendly                   | Expired links and usability issues |
| Password recovery                | Reduced risk of password breaches | Phishing risks                     |

## One-time passcodes (email and SMS)

A one-time passcode (OTP) *(tooltip: \<div class="paragraph">
\<p>A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\</p>
\</div>)* is a passwordless authentication method used to provide a secure and convenient way for users to sign on to their accounts or access sensitive information without the need for traditional passwords. In passwordless authentication using OTP, users are authenticated with a code delivered to the email address or phone number (through SMS) that's registered with their account.

| Use cases                       | Benefits                     | Challenges                        |
| ------------------------------- | ---------------------------- | --------------------------------- |
| Low-risk accounts               | Improved security            | Delivery reliability and security |
| Account recovery                | No passwords to remember     | Mobile number changes             |
| Limited access                  | User trust and adoption      | Phishing risks                    |
| Early stages of user Onboarding | Frictionless user Experience | Expired OTPs                      |

## FIDO2 (biometrics, passkeys, security keys)

Fast IDentity Online (FIDO) *(tooltip: \<div class="paragraph">
\<p>A set of open technical specifications developed by the FIDO Alliance for strong authentication.\</p>
\</div>)* 2 is an authentication standard developed by the [FIDO Alliance](https://fidoalliance.org/) that enables passwordless authentication using biometric data. FIDO2 is designed to enhance the security and user experience of online authentication by replacing traditional passwords with the following more secure and convenient methods:

* FIDO2 biometrics

  Incorporates biometric authentication techniques, such as fingerprint recognition, facial recognition, iris scanning, or voice recognition, to verify a user's identity. Instead of relying on static passwords, FIDO2 biometrics relies on unique biological characteristics that are difficult to replicate, providing a higher level of security against various authentication threats.

* FIDO2 passkeys

  A type of authentication device used for passwordless authentication. Passkeys enable users the ability to sign on to their accounts by accessing their FIDO2 credentials on many of their devices that have been enrolled in multi-factor authentication (MFA) *(tooltip: \<div class="paragraph">
  \<p>An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\</p>
  \</div>)*. Passkeys reduce the risk of phishing, all forms of password theft (including password spraying brute force attacks), and credential stuffing attacks.

* FIDO2 security keys

  Physical hardware devices used for passwordless authentication based on the FIDO2 standard. These devices are designed to provide a highly secure way for users to authenticate to online services and applications.

  | Use cases            | Benefits                     | Challenges                                      |
  | -------------------- | ---------------------------- | ----------------------------------------------- |
  | Online banking       | Enhanced security            | Biometric accuracy                              |
  | Healthcare records   | High phishing resistance     | Potential for spoofing and presentation attacks |
  | Government services  | Multi-platform compatibility | Data privacy and regulations                    |
  | E-commerce platforms | Privacy protection           | User acceptance                                 |