ForgeRock’s Latest Identity Platform Finally Kills the Password, Ushers in New Era of the Frictionless User Experience

Newly announced push authentication features and capabilities in the ForgeRock Identity Platform support passwordless login and frictionless second factor authentication

San Francisco, CA – July 20, 2016 – ForgeRock®, the leading open platform provider of identity management solutions, today announced the latest edition of the ForgeRock Identity Platform, with advanced new capabilities that will enable organizations to orchestrate highly secure, frictionless user experiences using push authentication. The ForgeRock Identity Platform is the industry’s first end-to-end open source identity management solution to support passwordless login and frictionless second factor authentication capabilities for continuous security.

With billions of Internet of Things (IoT) devices and services coming online – Gartner, Inc. forecasts that 20.8 billion connected things will be in use worldwide by 2020[1] – the conventional login-and-password approach to authenticating users and authorizing access to data and services will no longer be workable. In fact, Forrester expects that with computing processing power increasing dramatically, even passwords 14 to 20 characters long will be readily crackable and largely ineffective for protecting high-value, high-risk assets and transactions by 2019.[2] The ForgeRock Identity Platform is designed for this challenging new environment.

Where other identity management products offer passwordless login at the beginning of a session, the ForgeRock Identity Platform invokes passwordless, second factor authentication any time during a session should an anomaly occur. For instance, if your laptop switches from a secure company wifi network to an unsecure network in a coffee shop, re-authentication would be invoked via a required response to a push notification sent to your phone – through a biometric TouchID, a swipe or other action – in order to maintain access to an online service. This kind of continuous security without passwords is essential for a frictionless customer experience in any number of business cases – from securing the smart car and smart home applications, to healthcare devices, wearables, mobile banking and industrial IoT situations where ease of use and the highest level of access security are essential.

“User frustration is a real concern with two-factor authentication, and a significant barrier for organizations working to create the kind of secure, seamless online user experiences that we’ve all come to expect online,” said ForgeRock CEO Mike Ellis. “With passwordless authentication now available through the ForgeRock Identity Platform, our customers can create highly secure, frictionless user experiences that will delight and engage end users, while keeping the growing number of IoT devices and data out of the wrong hands.”

Passwordless authentication not only improves the user experience, but can also increase the level of security organizations can provide to their customers while reducing cost and administrative workload. In a typical ForgeRock implementation, the first authentication step happens via the Internet. The second method is ideally completed over a separate network (out of band), which is what happens with push notifications that travel over the Apple (APNs) or Google (GCM) dedicated notification networks. These steps make it more difficult for potential cybercriminals, who would need to hack into both an individual’s laptop and mobile device to gain access to user data. Additionally, using push notifications provided through an authenticated mobile app is often dramatically less expensive than conventional token-based approaches, which are notorious for hidden costs associated with deploying hardware and software, token licenses, maintenance and help desk costs.

ForgeRock also announced several other new features today:

  • Stateless OAuth Token Support - Reduces the complexity of securing hundreds or thousands of microservices and API endpoints using the industry standards OAuth2 and OIDC.
  • Common Audit Event Handlers for Elasticsearch and JMS - Simplifies the audit and analysis of complex identity activity across all applications and devices, while enabling real-time monitoring of identity activity for better security insight.
  • Identity Relationship Visualization - ForgeRock Identity Management users can now visually display all relationships to any given identity through the management console, where they are represented in a graph database-style display.
  • API Protection (Rate Limiting) - A new Request Throttling filter capability in ForgeRock Identity Gateway regulates traffic volume to ensure consistent levels of service, and reduces the risk of malicious attackers attempting to disrupt a service using DoS-style attacks.
  • Encrypted Database Entries - Encrypting data while at rest protects sensitive customer information like account numbers from accidental exposure by administrators and unauthorized users. Distribution of data virtually across public, private and hybrid environments is becoming commonplace, and requires an additional level of data security.

“The speed at which organizations reap the rewards of the Internet of Things (IoT) will depend on several critical factors – one of which is getting to grips with identity management. And demand for new options to secure digital identities will only continue to accelerate as the IoT takes hold across multiple industries,” said Martin Kuppinger, Founder and Principal Analyst, KuppingerCole. “One of the greatest challenges of access management is controlling the complex relationships between things, devices and people, whilst supporting the authentication of things. Managing millions of connected things places new demands on scalability. Organizations looking to reap the rewards of the IoT will first need to consider if their identity platform can handle the challenges involved. Because managing – and securing – digital relationships at scale requires a deep understanding of the identity management challenges that are posed by the IoT.”

For additional information, this article on the ForgeRock blog has extensive visual and written content on new features in the ForgeRock Identity Platform.

About ForgeRock

The ForgeRock Identity Platform™ transforms the way hundreds of millions of customers and citizens interact with businesses and governments online, providing better security, building relationships, and enabling new cloud, mobile, and IoT offerings from any device or connected thing. ForgeRock serves hundreds of brands like Morningstar, Vodafone, GEICO, TomTom, and Pearson, as well as governments like Norway, Canada, and Belgium, among many others. Headquartered in San Francisco, California, ForgeRock has offices in London, Paris, Düsseldorf, Bristol, Grenoble, Oslo, Sydney, and Vancouver, Washington. ForgeRock is privately held, backed by leading global venture capital firms Accel Partners, Foundation Capital, and Meritech Capital. For the latest news, information and free downloads, visit, read the ForgeRock blog, or follow us on social media:


ForgeRock | @ForgeRock | ForgeRock

[1] Gartner Press Release, Gartner Says 6.4 Billion Connected "Things" Will Be in Use in 2016, Up 30 Percent from 2015, November 2015.

[2] Forrester, How To Get Away With Murder: Authentication Technologies That Will Help You Kill Passwords, September 14, 2015.