Passwordless Authentication
Passwordless authentication is a modern authentication method that eliminates the need for users to remember, store, and manage traditional passwords. Instead, it leverages alternative factors such as biometrics, hardware tokens, or one-time passcodes (OTPs) to verify a user's identity. Passwordless authentication enhances security by reducing vulnerabilities associated with password theft, phishing attacks, and weak password practices. It also improves the user experience by providing a seamless and quicker authentication process.
Passwordless authentication is designed to provide:
- Seamless Authentication without the need for passwords, using methods like biometrics, hardware tokens, or magic links.
- Increased Security by eliminating password-related vulnerabilities such as reuse, weak passwords, or phishing attacks.
- Frictionless User Experience by simplifying the login process and reducing the cognitive load of managing multiple passwords.
- Enhanced Compliance by meeting security and regulatory standards for authentication.
Use Cases for Passwordless Authentication
1. Consumer Applications (Mobile & Web Apps) - In consumer-facing applications, passwordless authentication allows users to authenticate using biometrics (such as fingerprint or facial recognition).
Example: A user logs into their online banking app using their fingerprint or Face ID, bypassing the need for a password. This provides a faster, more secure experience.
2. Enterprise Workforce Authentication - In enterprise environments, passwordless authentication can be integrated into employee login workflows, allowing access to corporate applications using biometric authentication or security keys.
Example: Employees access the corporate VPN by authenticating with a security key, eliminating the need for a traditional password.
3. Access to Sensitive Systems and Resources - Passwordless authentication provides a more secure access method for sensitive applications, such as financial systems or healthcare databases, where high security is crucial.
Example: A healthcare professional accesses a patient database using a biometric scan (e.g., fingerprint or iris scan), ensuring only authorized users gain access to confidential data.
4. Integration with Third-Party Identity Providers - Passwordless authentication can be integrated with third-party identity providers like Google or Apple, where users authenticate via their existing credentials (such as a Google account) without the need for a password.
Example: An e-commerce platform allows customers to log in using "Sign in with Google" or "Sign in with Apple" options, providing a secure and seamless authentication experience without passwords.
5. Secure Remote Access for Contractors and Partners - Passwordless authentication can be used for external partners, contractors, or consultants who need secure access to enterprise systems without the complexity of password management.
Example: A contractor accesses a company's project management tool using a security token, allowing them to work on the project without requiring a password.
Instasafe offers two main categories of passwordless authentication:
- FIDO compliant hardware keys
- Digital Certificate authentication
1. FIDO Compliant Hardware Keys
This category covers both biometric authentication and hardware keys.
Biometric Authentication:
Uses the user's biometric data (fingerprint, face recognition, or iris scan) to authenticate the user.
Hardware keys:
The user authenticates with a security key (such as a USB security token). This method relies on public key cryptography, which is resistant to phishing and other attacks.
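The following Go program is an added example (not Instasafe code; the origin `https://console.example.com`, the look-alike origin, the user `alice` and the 32-byte challenge are all constructed) that shows, in the style of FIDO challenge-response, why a hardware key resists phishing: the key never reveals its private key, it signs only a server-issued single-use challenge, and the origin the browser observed is part of what gets signed, so an assertion obtained through a look-alike site fails verification at the real site. Real FIDO2/WebAuthn carries more fields (relying-party ID hash, signature counter, attestation); only the origin binding and challenge handling are modelled here.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assertion is what the key returns for one login: the challenge it was given,
// the origin the browser observed, and a signature covering both.
type Assertion struct {
	Challenge []byte
	Origin    string
	Sig       []byte
}

// signedDigest binds origin and challenge into the single value that gets signed.
func signedDigest(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append(append([]byte(origin), 0), challenge...))
	return h[:]
}

// signAssertion models the hardware key: the private key never leaves it, and it
// signs only data that includes the origin the browser reports to it.
func signAssertion(priv *ecdsa.PrivateKey, challenge []byte, browserOrigin string) (Assertion, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedDigest(browserOrigin, challenge))
	return Assertion{Challenge: challenge, Origin: browserOrigin, Sig: sig}, err
}

// RelyingParty is the server: its own origin, the public key registered for each
// user, and the single-use challenge most recently issued to each user.
type RelyingParty struct {
	origin  string
	pubKeys map[string]*ecdsa.PublicKey
	pending map[string][]byte
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{origin: origin, pubKeys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Challenge issues a fresh random nonce for one login attempt.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.pending[user] = c
	return c, nil
}

// Verify accepts an assertion only if the challenge is the one outstanding for
// the user, the signed origin is this site's own, and the signature is valid.
func (rp *RelyingParty) Verify(user string, a Assertion) error {
	pub, ok := rp.pubKeys[user]
	if !ok {
		return errors.New("unknown user")
	}
	want, ok := rp.pending[user]
	if !ok {
		return errors.New("no outstanding challenge (replay?)")
	}
	delete(rp.pending, user) // every challenge is single use
	if !bytes.Equal(a.Challenge, want) {
		return errors.New("challenge mismatch")
	}
	if a.Origin != rp.origin {
		return fmt.Errorf("origin %q is not %q: assertion was made on another site", a.Origin, rp.origin)
	}
	if !ecdsa.VerifyASN1(pub, signedDigest(a.Origin, a.Challenge), a.Sig) {
		return errors.New("bad signature")
	}
	return nil
}

// LoginScenario runs a genuine login, a login relayed through a look-alike site,
// and a replay of the genuine assertion; a nil error means the server accepted it.
func LoginScenario() (genuine, phished, replay error) {
	const site = "https://console.example.com" // constructed origin
	rp := NewRelyingParty(site)
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // created at registration
	if err != nil {
		return err, err, err
	}
	rp.pubKeys["alice"] = &key.PublicKey // only the public key is registered
	c, _ := rp.Challenge("alice")
	good, _ := signAssertion(key, c, site)
	genuine = rp.Verify("alice", good)
	// A look-alike site relays the real challenge, but the browser reports the
	// look-alike origin to the key, and that origin is what gets signed.
	c, _ = rp.Challenge("alice")
	relayed, _ := signAssertion(key, c, "https://console-example.net")
	phished = rp.Verify("alice", relayed)
	// The genuine assertion is sent again: its challenge is no longer outstanding.
	replay = rp.Verify("alice", good)
	return genuine, phished, replay
}
```

Note that a relaying site cannot repair the rejected assertion by rewriting `Origin` to the real one, because the signature was computed over the look-alike origin and would then fail the signature check instead.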
2. Digital Certificate Authentication
Digital certificate authentication is a method of authentication where digital certificates are used to verify the identity of a user or device without the need for traditional passwords. This method relies on Public Key Infrastructure (PKI) technology, where a public-private key pair is associated with a digital certificate. The private key is securely stored on the user's device (e.g., hardware token, smart card, or encrypted file), and the corresponding public key is registered with the service or system.
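To make the PKI flow concrete, here is an added Go example (not Instasafe code; the CA name, the username `alice`, the server nonce and the 24-hour validity are constructed). It issues a self-signed CA, enrols a user by issuing a client-auth certificate whose Common Name is the username, and then performs the server-side checks a certificate-based login needs: the presented certificate must chain to the trusted CA and be valid for client authentication, the device must prove possession of the matching private key by signing a server challenge, and the certificate's identity must match the username the user typed. In a real deployment the certificate is presented in a TLS client-auth handshake, which supplies the proof of possession; it is modelled here with an explicit signed challenge.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a certificate for a freshly generated P-256 key. With ca == nil
// the result is a self-signed CA; otherwise it is a client-auth leaf signed by ca.
func issue(cn string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour), // constructed short validity
	}
	parent, signer := ca, caKey
	if ca == nil { // self-signed root
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
		parent, signer = tmpl, key
	} else { // leaf usable only for client authentication
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Prove is the device's part of the login: it signs the server's challenge with
// the private key behind the presented certificate, which never leaves the device.
func Prove(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// Authenticate is the server's part: chain to the trusted CA with client-auth
// usage, proof of possession of the key, and CN equal to the typed username.
func Authenticate(trusted, presented *x509.Certificate, username string, challenge, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := presented.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := presented.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return fmt.Errorf("unexpected key type %T in certificate", presented.PublicKey)
	}
	h := sha256.Sum256(challenge)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return fmt.Errorf("proof of possession failed")
	}
	if presented.Subject.CommonName != username {
		return fmt.Errorf("certificate was issued to %q, not %q", presented.Subject.CommonName, username)
	}
	return nil
}

// CertScenario tries a genuine login, a login under someone else's username with
// a valid certificate, and a certificate from a CA the server does not trust.
func CertScenario() (genuine, wrongUser, foreignCA error) {
	ca, caKey, err := issue("Example Corp Internal CA", nil, nil) // constructed name
	if err != nil {
		return err, err, err
	}
	cert, key, err := issue("alice", ca, caKey) // enrolment: CN is the username
	if err != nil {
		return err, err, err
	}
	challenge := []byte("constructed-server-nonce-0001")
	sig, _ := Prove(key, challenge)
	genuine = Authenticate(ca, cert, "alice", challenge, sig)
	wrongUser = Authenticate(ca, cert, "bob", challenge, sig)
	otherCA, otherKey, _ := issue("Untrusted CA", nil, nil)
	rogue, rogueKey, _ := issue("alice", otherCA, otherKey)
	rogueSig, _ := Prove(rogueKey, challenge)
	foreignCA = Authenticate(ca, rogue, "alice", challenge, rogueSig)
	return genuine, wrongUser, foreignCA
}
```

The order of checks matters for the defender: trust in the issuer is established before the identity inside the certificate is believed, so a certificate that merely claims `CN=alice` but comes from an untrusted CA is rejected before its subject is ever compared with the username.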
Configuring Passwordless Authentication
- Log in to the instasafe console as an admin
- Click on AUTHENTICATION PROFILE >> Passwordless
- Click on the Add button
- Enter a Profile name and select Primary Auth as Hardware key and Fallback Passwordless Auth option as Password.
- Click on the Save and Add New button
- The new profile will now be listed on the Passwordless page
- After the passwordless profile has been created successfully, it can be assigned to a single user or to a User Group.
- To assign the passwordless profile to a user, click on USERS & GROUPS >> Users
- Search for and select the user to whom the passwordless profile will be assigned
- Click on the Edit button
- Click on the Authentication Profile and select the passwordless profile created earlier.
- Click on the Update button to save the user's Authentication profile as passwordless.
- To assign the passwordless profile to a UserGroup, click on USERS & GROUPS >> Users
- Search for and select the UserGroup to which the passwordless profile will be assigned.
- Click on the Edit button
- Click on the Authentication Profile and select the passwordless profile created earlier.
- Click on the Update button to save the UserGroup's Authentication profile as passwordless; passwordless authentication then applies to all members of the group.
- Log in to the instasafe console as the user for whom passwordless authentication is enabled
- Click on the profile icon, then click on the MFA option
- Click on Register key under FIDO Keys
- On Windows, the Windows Hello option will be displayed; the user can choose either the Hello option or the hardware key by clicking on the "Use another device" option.
After Windows Hello has been verified/added, it is saved and the user is allowed to log in via passwordless authentication.
- After the hardware key has been registered successfully, a "Hardware key registered successfully" message will be displayed
Console Login Through The Passwordless Hardware Key
- After the hardware key has been registered successfully, the next time the user logs in, the console will directly ask for the hardware key instead of the password
- The user will be logged in to instasafe after verification of the hardware key
Configuring Passwordless Authentication with Digital Certificate
- Log in to the instasafe console with admin credentials
- Click on AUTHENTICATION PROFILE >> Passwordless
- Click on the Add button
- Enter a Profile name and select Primary Auth as Digital Certificate and Fallback Auth option as Password
- Click on the Save and Add New button
- The new profile will now be listed on the Passwordless page
- After the passwordless profile has been created successfully, it can be assigned to a single user or to a User Group.
- To assign the passwordless profile to a user, click on USERS & GROUPS >> Users
- Search for and select the user to whom the passwordless profile will be assigned
- Click on the Edit button
- Choose the passwordless profile with Digital Certificate.
Installation Process of Digital Certificate
- Log in to the instasafe console as the user for whom passwordless digital certificate authentication is configured.
- Enter the password and click on Sign in
- After successful login, navigate to the Download section in the Dashboard menu
- Download the instasafe web agent
- Install the web agent to set up the digital certificate
- Enter the credentials of the user for whom the digital certificate is configured and click on Login
- After the agent has been installed successfully, a success message will appear
- Click on the OK button of the pop-up message
Instasafe Agent access with Digital certificate
- Once the agent is installed, the digital certificate is installed on the computer.
- Enter the URL in the browser
- A certificate prompt will open for digital certificate passwordless authentication; click on OK
- After clicking on OK, the login page will appear.
- Enter your username and click on Sign in.
- The user is redirected directly to the dashboard page without being asked for a password
Instasafe Agent access with Digital certificate
- After the agent has been installed, the certificate prompt will appear the next time the user tries to log in
- Select the certificate and click on OK for passwordless digital certificate-based login
- Enter the username configured for passwordless authentication and click on Sign in
- After sign-in, the user is connected to the agent successfully without being asked for a password