It's no secret that passwords have historically been one of the largest causes of cyberattacks. Weak passwords are easily compromised through attacks like brute force, social engineering, password spray, and more. Strong passwords are long and random, which makes them harder to guess, but users forget them, and they remain susceptible to attacks such as phishing.
Adopting high assurance passwordless authentication that includes proximity detection and certificate-based authentication will eliminate security threats from remote-based account takeover (ATO) attacks and improve the overall user experience.
PKI-based mobile smart credentials
Ensure security without compromising the user experience, with PKI mobile smart credential-based passwordless access that uses Bluetooth® proximity detection in the authentication process. Transform your users’ mobile devices into trusted digital identities with the installation of certificates that let them securely log in passwordlessly to their desktops and laptops using biometrics such as Face ID or Touch ID.
- A digital certificate is installed on the user’s mobile device, converting it into a trusted device.
- User unlocks their device and accesses their trusted identity using a biometric such as fingerprint or facial recognition.
- Once user is authenticated, Bluetooth connectivity to a Mac or PC delivers passwordless login and single sign-on (SSO) to all cloud and on-premises apps while in close proximity.
- When user walks away from their workstation with their mobile device, they’re automatically logged out of the workstation and their apps. (The proximity settings to trigger an automatic logout are customizable.)
Add support for FIDO2 with WebAuthn
WebAuthn, a core component of the FIDO (Fast Identity Online) Alliance’s FIDO2 specifications, is a web-based API that adds FIDO-based authentication support to web applications on supported browsers and platforms.
It provides a higher level of security through the use of cryptographic keys that are unique across every app, with the private key stored on the user’s device and not on a server. Users can use external authenticators such as a security key or mobile phone to log in to applications through their web browsers.
Enable passkeys with ease
Passkeys are cryptographic key pairs used to authenticate users into various applications. A public key is stored on the application server and a private key is stored on the user’s device. Passkeys use Bluetooth to communicate between the user’s phone (FIDO authenticator) and the device from which the user is trying to authenticate. Bluetooth requires physical proximity, providing a phishing-resistant way to leverage the user’s phone during authentication.
- User initiates login.
- Application issues security challenge to registered smart device in proximity (confirmed via Bluetooth).
- User uses biometrics to authenticate passkey. Passkey on mobile is used to sign and send back challenge.
- Application verifies signed challenge using the corresponding public key stored on the server and proximity of passkey device to log in user.
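The challenge, sign and verify steps above can be sketched in Node.js. This is an added example, not Entrust's code and not the WebAuthn wire format: the function names, the `https://app.example` origin and the simplified signed payload are assumptions, the origin check follows the WebAuthn specification rather than this page, and the biometric unlock and Bluetooth proximity check are not modelled.

```javascript
const nodeCrypto = require("node:crypto");

const RP_ORIGIN = "https://app.example"; // constructed relying-party origin

// Registration: the key pair is created on the device; the server keeps only the public key.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { serverRecord: { publicKey, pending: new Set() }, device: { privateKey } };
}

// Server: issue a fresh random challenge and remember it until it is used.
function issueChallenge(serverRecord) {
  const challenge = nodeCrypto.randomBytes(32).toString("base64url");
  serverRecord.pending.add(challenge);
  return challenge;
}

// Device: sign the challenge together with the origin the client actually saw.
function signAssertion(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ type: "webauthn.get", challenge, origin }));
  return { clientData, signature: nodeCrypto.sign("sha256", clientData, device.privateKey) };
}

// Server: check the signature first, then the origin, then that the challenge is unused.
function verifyAssertion(serverRecord, { clientData, signature }) {
  if (!nodeCrypto.verify("sha256", clientData, serverRecord.publicKey, signature)) return "bad-signature";
  const { type, challenge, origin } = JSON.parse(clientData.toString());
  if (type !== "webauthn.get") return "wrong-type";
  if (origin !== RP_ORIGIN) return "wrong-origin";
  if (!serverRecord.pending.delete(challenge)) return "unknown-or-replayed-challenge";
  return "ok";
}

// Constructed scenario: a valid login, a replay of it, and an assertion made on another origin.
function demo() {
  const { serverRecord, device } = register();
  const good = signAssertion(device, issueChallenge(serverRecord), RP_ORIGIN);
  const phished = signAssertion(device, issueChallenge(serverRecord), "https://login.example.test");
  return [good, good, phished].map((a) => verifyAssertion(serverRecord, a));
}

console.log(demo());
```

Because the private key never leaves the device, a breach of the server's records exposes only public keys, and a captured assertion cannot be replayed once its challenge has been consumed.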
Passwordless multi-factor authentication (MFA)
Going passwordless doesn’t mean you need multiple authenticators for multi-factor authentication. Using a mobile-based FIDO2 key or mobile smart credential combines multiple factors such as possession (smart phone) and inherence (biometrics with Face ID/Touch ID).
Single sign-on (SSO)
With our SSO offering, your users can access all applications after authenticating once, instead of re-authenticating for every unique cloud, on-prem, and legacy application they need to access.
Flexibility for every use case
With multiple passwordless options that include high assurance authentication – including PKI-based mobile smart credentials, biometrics, FIDO2 keys and passkeys, secure mobile push with mutual authentication, soft token time-based one-time passwords, and more – you can enable a user-friendly experience and tailor the type of passwordless authenticator used based on your use case.
Benefits of passwordless login
Entrust is a leader in digital security with 25+ years of experience in the industry. We have been first-to-market with many solutions, including passwordless user authentication.
Our passwordless authentication capabilities work with the environment you have. You’ll save on the costs of resets, administration, and support.
With Entrust, you decide if you want a cloud-based or on-prem solution for high-assurance credential-based passwordless authentication.