Eliminating Enterprise Passwords Is Now Possible
ForgeRock Announces Major Expansion of Passwordless Capabilities with the Introduction of Enterprise Connect Passwordless
Ten years ago, the launch of the FIDO Alliance spurred industry-wide interest in passwordless authentication. In the years since, we've seen a lot of progress on the path toward passwordless including ForgeRock being the first major IAM platform to offer support for FIDO2 Web Authentication (WebAuthn). Now the world's largest device, browser, and operating system manufacturers have jumped on board with support of passkeys. The good news is that more and more consumer websites are introducing support for passkeys. Even better news: it all is becoming simpler and more convenient for the user, and security is vastly improved at the same time — a huge win-win and growing optimism that passwords can be eliminated once and for all.
However, progress in fully eliminating passwords has hit stumbling blocks. Common challenges across enterprises involve integrating legacy applications that will always require a password, migrating user bases gradually at their pace of readiness rather than a big bang approach, and account recovery processes when a device is lost or stolen. Solving these challenges requires more than just having authentication that supports passwordless, but also requires an IAM platform that offers real-time user access orchestration and integration into everything from legacy to modern applications.
Today, I'm thrilled to announce a major step forward on the path toward a completely passwordless world and the realization of ForgeRock's vision of a world where you never login again. ForgeRock Enterprise Connect Passwordless expands on our leading passwordless solution and provides simple integrations to solve enterprises' most complex, often legacy-based, use cases.
According to Gartner, by 2025 more than 50% of the workforce and more than 20% of customer authentication transactions will be passwordless, up from less than 10% today.
Gartner, "Take 3 Steps Toward Passwordless Authentication"Refreshed 22 February 2023, Ant Allan, Published 19 October 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Enterprise Connect Passwordless is integrated into our ForgeRock Identity Platform and protects the most commonly used and vulnerable enterprise resources, such as servers, workstations, remote desktops, and VPNs. It helps proactively defend against cyber-attacks and unauthorized access by providing a more secure passwordless login experience.
Eliminating Passwords in Stages
With ForgeRock, you can move to passwordless at your own pace without facing an all-or-nothing proposition. There are multiple possible stages, each providing a better user experience and simultaneously improving security.
For purists out there, you would say this is not passwordless — and I can understand this point of view. However, providing support for biometrics, such as Face ID or Touch ID, as a second factor in MFA is considerably better than the alternatives, such as one-time passcodes transmitted over SMS text messages, which NIST deprecated in 2017. We recommend customers take this step no matter where they are on the passwordless journey.
One of the biggest threats involving passwords comes from users knowing their passwords, which can then be compromised. The idea behind a passwordless experience is removing user knowledge and interaction with passwords, while there still may be passwords involved somewhere in the equation, particularly in legacy applications. The reality is that this stage of passwordless is likely where enterprises will be for some time while there are so many applications that simply are not ready for passwordless. But that's ok — if there is nothing to phish or brute force, then that is significant progress. Our new Enterprise Connect Passwordless offering delivers exactly on this promise.
The holy grail, the point where there are no passwords anywhere in the enterprise. We expect this to occur much faster in the world of consumer identity (CIAM) because typically there are far fewer applications involved and we expect them to support passwordless sooner. ForgeRock is ready to support this now with our leading passwordless solutions.
A Complete Platform Approach to Achieving Passwordless
No matter the approach planned, having a complete IAM platform that provides flexibility to support your passwordless journey is critical. In addition to supporting a variety of authentication methods, the platform must be capable of orchestration to gradually move users to better and more secure experiences, and also integrate into all types of enterprise resources.
The ForgeRock platform supports an expansive set of authentication methods, such as FIDO2 WebAuthn, passkeys, Oath, push, one-time passcodes (OTPs), biometrics, and others, to enable passwordless using mobile authenticators, smart cards, biometric devices, digital certificates, platforms (Apple ID and Microsoft Hello), browsers, and applications.
With ForgeRock's identity orchestration capabilities, you can tailor drag-and-drop passwordless authentication journeys to provide both strong security and a better user experience. For example, the authentication process can include analyzing risk signals, such as device ID and IP address, as part of the passwordless login process. Organizations can create these journeys with little or no code using pre-built nodes, and reuse these nodes to provide passwordless authentication.
Building on top of ForgeRock's already rich integration technologies — including broad identity standards support, software development kits, web and Java agents, and Identity Gateway — ForgeRock Enterprise Connect Passwordless integrates with an extensive list of components in the enterprise infrastructure, including Windows, Mac and Unix workstations and servers, RADIUS-based authentication, Remote Desktop (virtual and Windows), VPNs, databases, mainframes, Lightweight Directory Access Protocol (LDAP), Representational State Transfer (REST) APIs, and many more.
Realize the Benefits of Passwordless With ForgeRock
The goal of our passwordless strategy is to enable you to mitigate one of the biggest security risks your organization faces — passwords — while delivering great user experiences. We think we've done that with Enterprise Connect Passwordless for our workforce customers and, with our support for WebAuthn and passkeys, for our CIAM customers. Now, customers can realize the benefits of better protection against breaches and drastically reduced costs as a result of far fewer help desk tickets and a reduction in lost productivity.