remove access from unintended users. Done right, an advanced passwordless solution removes the zero-sum trade-off between better security and a better user experience. It allows individuals to authenticate into workstations, physical doors, and other sensing assets simply by being close to them and uses AI/ML to approximate distance from sensing objects without requiring traditional pairing or additional user interaction. End-to-end use case support allows enterprises to consolidate solutions, remove complexity, reduce costs, and deliver better security outcomes, while robust administration tools and workflow-based execution easily support complicated security and access requirements. Here’s how:

Enterprise-wide coverage

The passwordless solution can’t be tied to just one application or system; it must be available everywhere a user works.

Presence-based authentication

The solution must be able to authenticate users seamlessly at workstations and physical entries using proximity and biometric data.

Continuous identification

It’s not enough to validate users at sign in; solutions must continually authenticate them throughout the entire work session.

Self-service tools

Enabling users to enroll and manage their devices from anywhere (based on internal security policies) reduces IT help desk tickets.

Speed and scalability enable passwordless solutions to become the single most secure authentication layer to all digital and physical workflows in the enterprise. Deep technology collaborations with manufacturers and operating system vendors overcome usability challenges, and strong AI/ML functionality allows the solution to improve with each user interaction. Best of all, the superior end-user experience facilitates broad adoption so the tech actually gets used.

Weighing the tradeoffs

Forrester analysts also encourage buyers to consider the security and ease-of-use tradeoffs between biometrics, smartphone as token, or hardware tokens and to pay attention to vendor support for OSes, browsers, and endpoint devices. They note that a passwordless approach must still support an overall MFA strategy with a means for risk-based, step-up authentication that takes into account the need to secure access to apps built to support only passwords.

Additionally, to provide more granular and dynamic network access, Zero Trust edge mandates that most network traffic and activity be tied to well-identified, authenticated, and authorized users. As the Forrester report notes, cloud-based solutions enable organizations to implement and enforce least-privilege-based, just-in-time access to storage, compute, and network resources.

Beyond usability and security, continuous authentication solutions must respect user privacy. Users should have complete control over and visibility into the data that are collected and how it is used. Modeling should be done in a privacy-preserving manner with clear outcomes defined, and AI/ML models should be used strictly to facilitate authentication the user initiated and not for any other data collection or user monitoring.

Striking the right balance

Continuous passwordless identity should strike a balance between a frictionless end-user experience and highly accurate security to lay the foundation for data-breach risk-reduction strategies that improve cyber resilience and reduce user frustration at the same time. Organizations that prioritize the passwordless approach will leapfrog current technologies and lead the pack with the best credential defense available.

Their workflows will become more streamlined, their overall cyber investments will shrink, and their users will be much, much happier.