The Passwordless Authentication market is growing rapidly, with vendors offering mature solutions that support millions of users across different industries including finance, healthcare, government, insurance, manufacturing, and retail. It is therefore essential for organizations to choose the right passwordless solution that meets their unique requirements and needs around security, user experience, and technology stack.

As will be reflected in this report, it is evident that some vendors provide nearly every feature one would need in a Passwordless Authentication service, while others are more specialized, and thus have different kinds of technical capabilities. For example, some smaller vendors are targeting mobile operators, the government-to-citizen (G2C) market, as well as small and medium-sized enterprises (SME). In other words, this Leadership Compass includes both pure passwordless players as well as those who are able to support passwordless in some form.

As smartphones and other consumer electronic devices have become increasingly prevalent, requiring login and account access from end users using these devices has proven to be essential. Therefore, enterprises and organizations are using QR codes, fingerprints, and other biometrics to enroll and authenticate their users, thereby propelling the demand for passwordless authentication.

Passwordless solutions are typically used alongside other authentication processes, such as multifactor authentication (MFA) or single sign-on (SSO) and are becoming more popular as an alternative for traditional username and password authentication. Despite improvements in authentication over the past few years, cybercriminals still use a wide range of techniques and procedures to gain unauthorized access.

Traditional MFA solutions were supposed to overcome the issue of passwords; however, the problem is that some MFA solutions still rely on a password as the first factor or backup factor for authentication. By adopting a passwordless MFA, users are protected against phishing and ransomware attacks by using authentication factors that cannot be easily obtained by attackers, thus, increasing security and convenience.

While many passwordless authentication solutions describe themselves as such, they are actually just disguised passwords with extra steps. Various solutions are still password-bound such as password managers, and legacy multi-factor authentication (MFA) solutions, which utilize passwords as a factor in their authentication process. In essence, Passwordless Authentication solutions should provide a consistent login experience across all devices, introduce a frictionless user experience, include an integrated authentication approach, and ensure that no passwords or password hashes are traveling over the network anymore.

It’s important to note that although password databases may be omitted in passwordless authentication systems, users may still have to enter passwords or PINs occasionally. Solutions that use passwords or PINs (locally) as a “last resort” for reset or authentication when other methods fail will be considered in this Leadership Compass, despite a preference for end-to-end passwordless approaches.

Overall, we expect to see further momentum. The continuing and increasing shift to remote and hybrid work will contribute to further adoption of Passwordless Authentication solutions and services by both workforce and customers. Also, the ongoing transformation of legacy IAM solutions into modern architectures with API support and flexible deployment models also plays a crucial role in this process.

What remains to be seen is if Passwordless Authentication customers can overcome old-school mentalities. Despite the promise of new security methods, many people are still reluctant to move away from traditional security methods due to user acceptance, lack of knowledge, security limitations, and deployment costs.

The criteria evaluated in this Leadership Compass reflect the varieties of use cases, experiences, business rules, and technical capabilities required by KuppingerCole clients today, and what we anticipate clients will need in the future.

Picking solutions always requires a thorough analysis of specific customer requirements and a comparison with available product and/or service features. Leadership does not always mean that a product is the best fit for a particular customer and their requirements. However, this Leadership Compass will help to identify those vendors that customers should look at more closely.