authID’s decision this month to integrate its biometric identity verification technology with
Ping Identity’s PingOne DaVinci service is a necessary step at a time when humans continue to be the weakest security link for organizations and bad actors increasingly target passwords to gain access to corporate networks, according to Jeff Scheidel, vice president of operations for the Denver-based company.
It also was the latest step in a growing effort to move enterprises and SMBs away from relying on passwords for user authentication and toward passwordless technologies, from biometrics like fingerprint scans and facial recognition to passkeys, hardware and software tokens, and one-time passwords.
The trend may be slow but it’s gaining momentum and is pointing in the right direction, Scheidel told MSSP Alert.
“From our perspective, the era of the password is over,” he said, noting the work that top-name tech giants like Microsoft, Apple, and Google have done to drive passwordless sign-in, which will align security with user experience. “Right now, we’re seeing increased adoption, especially among regulated industries and enterprises that can’t afford the risk surface passwords create.”
That said, a problem is that too many organizations still see that adopting passwordless authentication is too complex or disruptive, Scheidel said. However, he argued that tightly integrated passwordless solutions can reduce user friction and help desk interaction and sharply cut costs.
Passwordless is the Future
“In a year? Passwordless sign-on won’t just be a security best practice, it’ll be a business imperative,” he said. “And we believe biometric identity, not just device trust, will be the gold standard.”
The global market for passwordless technologies is expected to expand to
$60.34 billion by 2032 from $18.82 billion last year, driven by the IT industry's transition from unreliable passwords. Traditional passwords are vulnerable to phishing, now more convincing with the help of AI, as well as reuse across multiple accounts, brute force attacks, and the sheer volume of credentials users must manage.
Microsoft’s Vasu Jakkal, corporate vice president of security, and Joy Chik, president of identity and network access, wrote in a blog post in May that last year, Microsoft threat analysts saw
7,000 password attacks per second, more than double the rate from 2023, and that as “passkeys become the new standard, expect increased pressure from cyberattackers on any accounts still protected by passwords or other phishable sign-in methods.”
Passkeys, Biometrics, and Other Tools
IT companies like Microsoft, Google, and Amazon continue to expand their use of passkeys for user accounts, the FIDO Alliance continues to push for more security identity authentication methods, and other vendors are pushing their own products and services.
Partnerships likely will also continue to expand. authID’s Scheidel called Ping’s PingOne DaVinci, which was released in 2022, a “game changer.”
“It’s a no-code orchestration engine that lets enterprises build secure, seamless identity flows across their digital ecosystem,” he said. “For us, the partnership benefit was obvious. By integrating authID’s biometric identity verification into DaVinci, we’re giving customers the ability to deploy passwordless, identity-first authentication in minutes instead of months. That’s powerful. It’s seamless to the users and the admins, and it’s the standard for security.”
Other Vendors in the Game
authID has taken other steps recently. In April, the company said cybersecurity services firm will train its employees on authID’s platform as a way to convince others to adopt passwordless technologies security password biometric and authentication platforms.
The same month, it joined the Security Technology Alliance to accelerate the creation of global identity standards for authentication technologies.
Security firm
RSA also
expanded its passwordless solutions portfolio this month, including offering passwordless support for Windows Desktop Login and Entra ID in its ID Plus platform – with more Entra ID support coming in July – and letting users enroll in its new RSA mobile passkeys and other multifactor authentication (MFA) methods through a one-step enrollment process.
Additionally, the month also saw,
OneSpan – whose anti-fraud platform supports MFA and electronic signature software
– bought Nok Nok Labs that expands its investment in FIDO authentication and will support organizations that want to move away from passwords.
The month LAO saw
OneSpan — known for its anti-fraud platform supporting MFA and electronic signatures —
acquired Nok Nok Labs, expanding its investment in FIDO authentication and strengthening its support for organizations looking to move away from passwords.
MSSPs, MSPs Benefit
The transition away from passwords is also an important trend for MSSP and MSPs, authID’s Scheidel said. The work with many organizations – particularly those in the mid-market and SMB segments – and offering more security authentication methods in their services is important to their customers, both for protecting them and ensuring they comply with the growing number of government regulations.
“Identity protection can’t be siloed,” he said. “It has to be integrated into every aspect of managed services. And as users migrate throughout a larger corporate ecosystem, they must be continually verified, as a defense against account takeovers. ... Adoption is really about reducing account takeover, cutting help desk costs, and increasing workforce productivity. We're actively working with MSSPs and MSPs to embed strong, biometric authentication into their service models, so they can differentiate in a crowded market.”
