Okta Passwordless Authentication

Current authentication methods deliver poor security, sub-optimal user experience, and increase support costs.

81%

of hacking related breaches used either weak or stolen passwords
— Verizon Data Breach Report 2017

12.6 mins/week

Average time spent entering or resetting passwords per week per employee
— Ponemon Authentication Report 2019

Security

Reduce or even eliminate a majority of password-based attacks, including phishing, credential stuffing, etc.

User experience

Cut authentication time and deliver a seamless experience of up to 50%*.

^{*Google I/O 2018 Survey}

Total cost of ownership

Drive efficiency and create happy support and IT organizations by reducing password management operational costs.

The conversation with the group security people has changed recently. It used to be about passwordless being insecure and that they needed passwords, to the realization that passwords are not secure.

-Mark Cameron, UK, enterprise IT architect at Zurich Insurance.

Passwordless authentication options for every use-case

Customer Identity

Provide seamless auth experiences and reduce security risks for your customers while reducing your organization's support costs.

Email-based magic link
Factor sequencing
WebAuthn

Workforce Identity

Improve employee productivity while reducing risks of data breaches and IT help desk costs.

Email-based magic link
Factor sequencing
WebAuthn
PIV/Smart-Card (x509 based)
Passwordless with Device Trust
Desktop single sign-on

Email magic links

Simply click on a link embedded in a verified email to validate the request, and continue the login process.

Ideal for passwordless authentication into applications that require infrequent authentication, access from any device, or when you need to. Bootstrap users into higher assurance passwordless authentication or login without passwords from any device. This feature is available in Okta Identity Engine.

Email magic links are easy-to-use, cost-effective, and reduce your time-to-market.

_{Applicable for Workforce and Customer Identity}

Factor sequencing

Factor sequencing allows you to authenticate using one or more high assurance factors. Dynamically alter the authentication experience by using high assurance factors like Okta Verify with risk-based-auth to remove the need for a second factor.

Factor sequencing offers a high level of assurance.

Explore factor sequencing ›

^{Applicable for Workforce and Customer Identity}

Passwordless Authentication - factor sequencing

WebAuthn

WebAuthn is a standards-driven approach to passwordless authentication. Use authenticators like Yubikeys or TouchID to authenticate into your applications. Best of all, there is no back-and-forth credential sharing needed.

Use WebAuthn to stop all password-based identity attacks and deliver a cost-effective, seamless authentication experience.

Explore Webauthn ›

^{Applicable for Workforce and Customer Identity}

PIV/Smart-card (x509 based)

Use PIV/Smart-cards (or any x509 supported cards) to authenticate in Okta or any apps integrated with Okta without passwords.

PIV/Smart-card based authentication is ideal for customers in regulated industries (healthcare, banking) or governmental organizations.

Explore PIV/Smart-cards ›

^{Applicable for Workforce Identity}

Passwordless with Device Trust

Okta’s Device Trust integrates with leading endpoint management systems to deliver a passwordless login experience on desktop and mobile. When you utilize a unified endpoint management (UEM) vendor that can integrate it’s own identity capabilities into Okta, you are able to both enforce device security and deliver a seamless login experience for users.

Explore Device Trust ›

^{Applicable for Workforce Identity}

Desktop single sign-on

Use passwordless authentication to login to Okta on machines joined on your Active Directory domain (Windows and macOS). Okta offers agent-based (using Okta IWA) or agentless (using cloud based Kerberos) approaches.

Log in to machines with your Active Directory credentials → open an Okta managed app on browser or modern auth desktop apps → login with no username or password prompt.

Explore desktop SSO: IWA › and Agentless ›

^{Applicable for Workforce Identity}