Why do we need Passwordless MFA anyway?

With many authentication products in use today, what makes passwordless authentication different?


While many businesses still rely on passwords or are using a combination of password and two-factor authentication, these techniques simply can’t deliver the level of security required today and they are being compromised increasingly in attack after attack. Passwords can be stolen through phishing, social engineering and malware attacks. Phones can be stolen, spoofed and cloned offering criminals an open door to your systems. Shared secrets, SMS and push messages are vulnerable to malware and can be intercepted.


Data compromises lead to a number of significant adverse financial and reputational impacts for today’s organizations. The cost is being counted in lost customer confidence, damaged reputations and increasingly onerous fines with many organisations also unknowingly wasting millions in lost productivity and avoidable administrative costs.


Now is the time to act to properly protect your users and your data by changing the way your users validate and authenticate themselves. Building a zero-trust security architecture starts with passwordless Multi-Factor Authentication. Implementing the right solution will provide the essential part of secure access – the ability to verify and validate users to ensure they are who they say they are.

Why is Passwordless Multi-Factor Authentication Needed?

More security

Over recent years, tens of billions of data records have been compromised and billions of dollars have been fraudulently obtained. The root cause in many cases is the compromise of the humble password or shared secret. It provides the attacker with practically all they require to be successful in their goals.

It is not that difficult for an attacker to steal a password. Every time you use a username and password to authenticate to a website or a web application, the credentials for that particular login have to be transmitted across a network such as the Internet so that both username and password can be validated. As you have no control over security once your credentials have been sent, it is not possible to guarantee security.

Data transmissions can often be captured, and even secure web connections can still fall foul of Man-in-the-Middle attacks. Further to this, the webserver itself may be holding thousands of usernames and passwords, creating another attack target.

The problem goes further. We are human. We often find more “effective” ways to use and manage our passwords, such as writing them down so that they are not forgotten, sharing them with colleagues to help in a particular situation. We also fall victim to social engineering and phishing attacks.


These known problems and vulnerabilities can be eliminated quickly by adding something to the password such as an additional factor, or better still, by removing the password altogether and implementing a far better solution.

idenprotect’s passwordless MFA is an essential and effective control that properly verifies and validates your users and ensures that there can be no attacks against vulnerable passwords and shared secrets. idenprotect uses a device’s internal security hardware to create a tamper-resistant vault where the user’s private key is stored.

With this approach, even a device’s own operating system cannot force a breach and it is impossible to copy or remove the key. Working together with biometrics, the private key replaces the password to deliver security of a higher standard than that of traditional hardware tokens and smartcards, which will no longer be required.

idenprotect is different from other vendors’ offerings in terms of security and usability. We enforce strong authentication at all stages so that potential opportunist attacks are thwarted, and we also provide user-initiated authentication that prevents users from responding to bogus push alerts. In addition, security contexts such as biometrics, location information and device information ensure that the likelihood of a successful impersonation attack is eliminated.

2FA v MFA – What’s the Difference?

2FA uses two factors of authentication. MFA requires a combination of multiple authentication factors. The rule of thumb is that the more factors that are added to an authentication process, the more assurance can be gained that the person is who they say they are, therefore increasing security. However, obtaining additional factors can have an impact on usability.

What are Authentication Factors?

Authentication Factors are the bits of data that a human or device can provide in order to validate their identity to a computer or application. There are several factors that can be provided for authentication and can be added together to provide better proof of who the user is.

The Knowledge Factor

Identifying a person through something only they know such as passwords, secret words or codes. Widely used over several centuries as a way to prove a person is who they say they are and later added to the computer to provide the same user validation process, it has remained a vulnerable factor and the weak link in access security.

idenprotect is password-free so doesn’t rely on the knowledge factor from the human, thereby reducing the risk of a data breach.

The Location Factor

Identifying a person through where they are currently located. If a user is logging in from a trusted location, then access may be granted or if from an untrusted location then access may be denied. It is also possible to use the location factor to determine whether a person has logged in from multiple locations that are geographically distant from each other within a short period of time, for example, a user that logged in from London then logs in two hours later from Sydney.

idenprotect have geolocation policies to identify where the user is and whether they should be allowed access or not, providing a location factor.
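The London-then-Sydney check described above can be expressed as a speed test between consecutive logins. This is an added example, not idenprotect's code or policy engine; the event tuple format, the speed and distance thresholds, the coordinates and the sample logins are all assumptions constructed for illustration.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 1000.0   # assumption: a little above airliner cruise speed
MIN_DISTANCE_KM = 100.0      # assumption: ignore geo-IP jitter within one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Return one finding per consecutive login pair whose implied speed exceeds max_kmh."""
    parsed = sorted(
        ((user, datetime.fromisoformat(ts), lat, lon) for user, ts, lat, lon in events),
        key=lambda e: (e[0], e[1]),
    )
    findings, previous = [], {}
    for user, when, lat, lon in parsed:
        if user in previous:
            p_when, p_lat, p_lon = previous[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600.0
            # Zero elapsed time with a large distance is treated as infinite speed.
            kmh = km / hours if hours > 0 else math.inf
            if km >= min_km and kmh > max_kmh:
                findings.append({"user": user, "km": round(km), "kmh": kmh,
                                 "from": p_when.isoformat(), "to": when.isoformat()})
        previous[user] = (when, lat, lon)
    return findings

# Constructed sample logins: (user, ISO 8601 UTC timestamp, latitude, longitude)
SAMPLE_EVENTS = [
    ("alice", "2024-03-01T09:00:00+00:00", 51.5074, -0.1278),    # London
    ("alice", "2024-03-01T11:00:00+00:00", -33.8688, 151.2093),  # Sydney, two hours later
    ("bob",   "2024-03-01T09:00:00+00:00", 51.5074, -0.1278),    # London
    ("bob",   "2024-03-01T12:00:00+00:00", 48.8566, 2.3522),     # Paris, three hours later
    ("carol", "2024-03-01T08:00:00+00:00", 51.5074, -0.1278),    # London
    ("carol", "2024-03-01T08:00:00+00:00", 51.5155, -0.0922),    # same instant, ~3 km away
]

if __name__ == "__main__":
    for f in impossible_travel(SAMPLE_EVENTS):
        print(f"{f['user']}: {f['km']} km at {f['kmh']:.0f} km/h ({f['from']} -> {f['to']})")
```

Location derived from IP addresses shifts with VPNs and mobile carriers, so a finding like this is better used to trigger step-up authentication or review than as a sole reason to deny access.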

The Possession Factor

Identifying a person through something that they have, for example, a secure chip on a mobile device, a hardware token, a passport or driving licence. Dedicated security hardware that is used for adding a possession factor can be expensive to maintain and support as well as having a negative impact on usability.

idenprotect uses the Secure Enclave and Trusted Execution Environments that are already present within today’s mobile and computer devices to create a “key” vault that replaces the password. Both the key and the secure chip are possession factors.

The Inherence Factor

Identifying a person by a unique human characteristic, for example, their fingerprint or their voice. These unique attributes provide validation of the user’s identity and as everyone’s biometric data is unique, it provides a good security control in identifying trusted users.

idenprotect uses biometrics to validate the user via their unique human characteristics.

The Time Factor

Identifying a person based on the time they usually access their device or applications. This factor relies on predicting when the user normally obtains access. If one single time event significantly differs from a set of previous consistent time events, it may be an indication that the user is not who they say they are.

idenprotect can be configured to use time factors to allow or deny access.
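One way to test whether a single login time differs significantly from a user's previous consistent times, shown as an added example rather than idenprotect's implementation. Times of day wrap at midnight, so the comparison is done on a 24-hour circle; the function names, the tolerance parameters and the constructed login histories are assumptions.

```python
import math

def circular_mean_hour(hours):
    """Mean time of day on a 24-hour circle, so 23:30 and 00:30 average to midnight."""
    angles = [h / 24.0 * 2 * math.pi for h in hours]
    mean = math.atan2(sum(map(math.sin, angles)), sum(map(math.cos, angles)))
    return (mean / (2 * math.pi) * 24.0) % 24.0

def circular_gap(a, b):
    """Shortest distance in hours between two times of day (0 to 12)."""
    d = abs(a - b) % 24.0
    return min(d, 24.0 - d)

def is_unusual_time(history, hour, k=3.0, min_tolerance=1.0, min_samples=3):
    """True when `hour` lies further from the user's usual login time than their
    own spread allows. k, min_tolerance and min_samples are assumed tuning values."""
    if len(history) < min_samples:
        return False  # too little history to call anything unusual
    centre = circular_mean_hour(history)
    spread = sum(circular_gap(centre, h) for h in history) / len(history)
    return circular_gap(centre, hour) > max(min_tolerance, k * spread)

# Constructed histories, as decimal hours of the day in the user's local time.
OFFICE_HOURS = [8.5, 9.0, 9.25, 8.75, 9.5]   # logs in around 09:00
NIGHT_SHIFT = [23.5, 0.25, 23.75, 0.5]        # logs in around midnight

if __name__ == "__main__":
    print(is_unusual_time(OFFICE_HOURS, 3.0))   # 03:00 login for a 09:00 user
    print(is_unusual_time(NIGHT_SHIFT, 0.1))    # 00:06 login for a midnight user
```

A plain arithmetic mean of the night-shift history would land near midday and flag every one of that user's normal logins, which is why the circular mean is used.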


Passwordless MFA for Everyone

Complex and sophisticated attacks are designed to capture passwords to allow easier access to your clients’ sensitive data, communications and financial deposits.


Always-on Authentication

You need to provide a secure yet easy to use authentication and access solution that users will want to use across all applications and systems.


Quick and Simple

You need to protect users’ logon accounts and access to minimise the risk of a data breach.


Different Authentication Methods

idenprotect supports alternative authentication methods when users are offline or don’t have their phone, or when an app requires a different level of authentication.


Enhanced Zero-Trust Security

idenprotect doesn’t grant access until it knows exactly who you are using biometrics and a securely held private key that no one can access or steal.


Security that Works for You

idenprotect is easier to implement and easier to use than most other 2FA and MFA solutions on the market.

What idenprotect can do for you


Prevent credential compromise by eliminating passwords

Over 80% of data breaches are a result of compromised passwords. idenprotect’s advanced public-key cryptography and decentralized security model replace password-based authentication, therefore reducing risk.


Provide a simple and seamless user experience for all users

Free up your users’ time to work on more important things once they no longer have to face the frustrations and complexities of logging into multiple applications with multiple passwords on a daily basis.


Securely validate all user identities to prevent unauthorised access

Use real-time smart intelligence to build a deeper context of who the user is, the device they are using, where they are located at the time of access and any changes in their immediate environment that may pose a security risk.