Passwordless Authentication Methods
The PingOne for Customers Passwordless solution offers the following passwordless authentication methods, which each have advantages and disadvantages.
Email magic link
An email magic link, also known as a magic signon link or passwordless sign-on link, is a convenient way to sign on to an online service, website, or application without entering a traditional username and password. Instead, it relies on a unique link that’s sent to the user’s email address, which acts as a one-time authentication token.
| Use cases | Benefits | Challenges |
|---|---|---|
Web applications |
Reduced password fatigue |
Email security concerns |
Mobile apps |
Lower support costs |
User skepticism |
Temporary or infrequent sign ons |
Mobile-friendly |
Expired links and usability issues |
Password recovery |
Reduced risk of password breaches |
Phishing risks |
One-time passcodes (email and SMS)
A one-time passcode (OTP) is a passwordless authentication method used to provide a secure and convenient way for users to sign on to their accounts or access sensitive information without the need for traditional passwords. In passwordless authentication using OTP, users are authenticated with a code delivered to the email address or phone number (through SMS) that’s registered with their account.
| Use cases | Benefits | Challenges |
|---|---|---|
Low-risk accounts |
Improved security |
Delivery reliability and security |
Account recovery |
No passwords to remember |
Mobile number changes |
Limited access |
User trust and adoption |
Phishing risks |
Early stages of user Onboarding |
Frictionless user Experience |
Expired OTPs |
FIDO2 (biometrics, passkeys, security keys)
Fast IDentity Online (FIDO) 2 is an authentication standard developed by the FIDO Alliance that enables passwordless authentication using biometric data. FIDO2 is designed to enhance the security and user experience of online authentication by replacing traditional passwords with the following more secure and convenient methods:
- FIDO2 biometrics
-
Incorporates biometric authentication techniques, such as fingerprint recognition, facial recognition, iris scanning, or voice recognition, to verify a user’s identity. Instead of relying on static passwords, FIDO2 biometrics relies on unique biological characteristics that are difficult to replicate, providing a higher level of security against various authentication threats.
- FIDO2 passkeys
-
A type of authentication device used for passwordless authentication. Passkeys enable users the ability to sign on to their accounts by accessing their FIDO2 credentials on many of their devices that have been enrolled in multi-factor authentication (MFA). Passkeys reduce the risk of phishing, all forms of password theft (including password spraying brute force attacks), and credential stuffing attacks.
- FIDO2 security keys
-
Physical hardware devices used for passwordless authentication based on the FIDO2 standard. These devices are designed to provide a highly secure way for users to authenticate to online services and applications.
| Use cases | Benefits | Challenges |
|---|---|---|
Online banking |
Enhanced security |
Biometric accuracy |
Healthcare records |
High phishing resistance |
Potential for spoofing and presentation attacks |
Government services |
Multi-platform compatibility |
Data privacy and regulations |
E-commerce platforms |
Privacy protection |
User acceptance |