Everyone talks about getting rid of passwords, but no one provides you with a way of doing so for good across all of your channels. Just adding biometric authentication to your mobile app doesn’t get rid of passwords. Your users will still need passwords when they switch to a new mobile device, until they enroll for biometrics on that device. Users will also need passwords when they log in from other devices such as their desktop, laptop, or tablet. To truly get rid of passwords you need an architecture that takes all the different password-based processes into consideration.
Mobile Biometrics and Passwords
Mobile biometric authentication is a good first step in getting rid of passwords. Transmit allows you to easily add finger, face, voice and other biometric and non-biometric authenticators that replace passwords on the mobile device. However, this does not completely get rid of passwords. When users go to other channels or log in from new devices, passwords will still be needed.
Getting Rid of Passwords on the Mobile Device
To get rid of passwords on the mobile device, you need a way of authenticating users when they enroll a new mobile device, when they reset their device, when some hardware on the device such as the camera or the fingerprint reader stops working, or when they get locked out of biometrics. Many mobile authenticators, such as fingerprint, cannot be used for all of these use cases because the biometric data is kept on the device itself. By creating a centralized database that consists of behavioral data and mobile trust models, Transmit Security is capable of authenticating users even when the mobile device needs to be enrolled or re-enrolled.
Getting Rid of Passwords on the Web Channel
The best way of getting rid of passwords on the web channel is through the mobile device. Imagine the following: a user accesses your web application from a laptop, desktop or tablet and an authentication request immediately shows up on the user’s mobile device. Once the user approves it with fingerprint authentication or just a simple swipe on the mobile device, the web application immediately logs the user in without the need to enter a password or any authentication details. Similarly, when the customer performs a transaction or any operation that requires secondary authentication, a message shows up on the user’s mobile device with an authentication request. Using fingerprint, face, or voice, they can approve the request and move on.
Not all of your users can or will eliminate passwords at the same time. You therefore need to support a hybrid mode in which some users log in with passwords while others migrate to a password-less experience. Transmit’s programmable authentication allows you to support all these scenarios from a central interface or an API, without touching the applications themselves. You can decide which users will be offered a password-less experience based on any attribute you can think of. More importantly, you have a unified interface for managing both password-based and non-password-based authentication.