Welcome to the Passwordless FAQ. Whether you are just beginning your authentication initiative or are an industry expert, our FAQ provides an overview of passwordless technology, standards, and implementation.
This FAQ is for general concepts driving next-gen user authentication. Are you looking for information about the HYPR platform? Head to our Knowledge Base.
For topics related to setting up and using HYPR, check out the End User Guide.
Questions about security? Read the HYPR Infosec FAQ.
What is Passwordless authentication?
Passwordless authentication is an authentication method in which a user can log in to a computer system or an online service without being required to enter a password or knowledge-based secret to gain access. Going further, modern methods such as “true passwordless” authentication involve the use of a cryptographic key pair to authenticate a user.
How does passwordless authentication work?
With passwordless authentication, a person uses their smartphone, hardware token, or computer instead of a password to access local and online services. In each case, their personal device is used in concert with public-key cryptography (PKC) to enable secure authentication to the system. Most passwordless methods incorporate some form of multi-factor authentication (MFA). To learn more, check out our passwordless authentication resources.
How does passwordless mobile and web login work?
Mobile passwordless authentication works by combining the authenticators and security features of regular smartphones with public-key cryptography (PKC). Like a smart card, the mobile device serves as a secure digital key into services, and it extends passwordless login to web applications. The use of FIDO2 web authentication standards allows a user to leverage multiple types of mobile authenticators and modalities. Users may initiate the login process on their smartphone and are instantly logged into the web application using their preferred method (e.g., Touch ID, Face ID, or PIN). To learn more, watch demos of passwordless web login.
What are some examples of Passwordless authentication?
Examples of passwordless authentication range across consumer, workforce, and government use cases. For personal use, these may include mobile payments, banking, insurance, and healthcare applications. In the workplace, dominant examples of passwordless login are single sign-on (SSO), remote access, and workstation login. Find out the Top 10 passwordless use cases.
Is passwordless authentication safe?
Yes, modern technology advances have enabled businesses to move away from password-based authentication methods. “True passwordless” authentication — where there is no password or other shared secret between the person and the service — is widely considered far more secure than password-based authentication. Industry leaders such as Google have proclaimed the end of passwords and are driving open standards forward to increase adoption.
What is the FIDO standard?
The FIDO standard refers to the open authentication standards of the Fast Identity Online (FIDO) Alliance, an industry consortium of technology leaders who have assembled to make online access secure and seamless by eliminating passwords and other shared secrets. The FIDO standards have been used to enable Strong Authentication in mobile, web, and desktop applications. FIDO standards include the UAF, U2F, and FIDO2 WebAuthn standards, and are deployed at scale across a variety of consumer and enterprise use cases. Learn more about FIDO Authentication.
How does FIDO work?
FIDO authentication works by replacing shared secrets between the service and the person, which are untrustworthy legacy relationships, with public-key cryptography (PKC). To do this, FIDO uses “authenticators” such as hardware tokens or smartphones to enable passwordless access into other devices and services, or what FIDO refers to as a “relying party.” According to the FIDO Alliance website,
“The FIDO protocols use standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. Authentication is done by the client device proving possession of the private key to the service by signing a challenge. The client’s private keys can be used only after they are unlocked locally on the device by the user. The local unlock is accomplished by a user-friendly and secure action such as swiping a finger, entering a PIN, speaking into a microphone, inserting a second-factor device or pressing a button.”
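The registration and challenge-signing flow described in the quote above, as an added example that is not code from HYPR or the FIDO Alliance: a simplified Node.js model of the exchange, not the WebAuthn/CTAP wire format. The class names, the `login.example` identifier and the `userUnlocked` flag are assumptions made for illustration.

```javascript
// Added illustration: simplified FIDO-style registration and challenge-response.
// Authenticator, RelyingParty, login.example and userUnlocked are hypothetical names.
const crypto = require('node:crypto');

class Authenticator {
  constructor() { this.keys = new Map(); }
  // Registration: a fresh key pair per relying party; only the public key is returned.
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey;
  }
  // Authentication: sign the challenge, bound to the relying party, after local unlock.
  sign(rpId, challenge, userUnlocked) {
    if (!userUnlocked) throw new Error('local unlock required');
    const key = this.keys.get(rpId);
    if (!key) throw new Error('no credential registered for ' + rpId);
    return crypto.sign('sha256', Buffer.concat([Buffer.from(rpId), challenge]), key);
  }
}

class RelyingParty {
  constructor(rpId) { this.rpId = rpId; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // unpredictable, one per login attempt
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a replayed signature finds no challenge
    if (!challenge || !publicKey) return false;
    const signed = Buffer.concat([Buffer.from(this.rpId), challenge]);
    return crypto.verify('sha256', signed, publicKey, signature);
  }
}

function demo() {
  const rp = new RelyingParty('login.example');
  const device = new Authenticator();
  rp.enroll('alice', device.register('login.example'));
  const sig = device.sign('login.example', rp.newChallenge('alice'), true);
  const first = rp.verify('alice', sig);  // valid signature over the live challenge
  const replay = rp.verify('alice', sig); // same signature again: challenge already consumed
  rp.newChallenge('alice');
  const stale = rp.verify('alice', sig);  // old signature against a fresh challenge
  return { first, replay, stale };
}
```

The relying party stores only a public key, so nothing it holds can be replayed as a login secret, and a captured signature is useless once its challenge has been consumed.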
What is FIDO2?
FIDO2 is the latest open authentication standard championed by the Fast Identity Online (FIDO) Alliance. FIDO2 enables users to more easily authenticate to online services, mobile and desktop applications, and a variety of enterprise use cases – without the use of passwords. The FIDO2 specifications comprise the Web Authentication (WebAuthn) specification, adopted by the World Wide Web Consortium (W3C), and the FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).
In many ways, FIDO2 is the technical foundation upon which service providers build passwordless authentication experiences. FIDO2-based solutions deliver passwordless authentication by leveraging embedded or roaming devices and their authenticators. These communicate with supported web browsers and applications over different communications protocols for secure, quick access.
What is WebAuthn?
Web Authentication, or WebAuthn, is a component of FIDO2, a leading open standard for authentication. The standard has been adopted by the World Wide Web Consortium (W3C) as the dominant method for passwordless web-based login. WebAuthn provides a uniform standard for secure, passwordless access to web-based applications, allowing a supported web application to communicate with a user’s browser, smartphone, or platform authenticator to grant access securely and quickly. Learn more about WebAuthn.
What is the FIDO Alliance?
The Fast Identity Online (FIDO) Alliance is an industry consortium of technology leaders who have assembled to make online access secure and seamless by eliminating passwords and other shared secrets. The Alliance consists of board members such as Microsoft, Google, HYPR, and many more who work together to develop and advance authentication standards that help reduce the use of password-based authentication.
How do I implement FIDO or Web Authentication?
HYPR provides FIDO Certified SDKs, documentation and reference applications for you to implement passwordless web authentication.
What is FIDO Certification?
FIDO Certified products are software solutions that have undergone rigorous testing around security, usability, and scalability. Certification by the FIDO standards body, or lack thereof, speaks to a solution’s enterprise readiness and deployability. While all FIDO Certified products adhere to similar standards, the solutions vary in speed, usability, and accessibility. Read the FIDO guide to learn more about comparing FIDO products.
When was HYPR founded?
HYPR was founded in 2014 by a team of technology and security professionals. Learn more about our founding team.
Where is HYPR located?
HYPR is headquartered in New York City, with a global team presence across North America, EMEA, and Asia.
How can I join the team?
HYPR is always looking for talented, driven individuals for software development, sales, and marketing roles. Begin your career at HYPR.
Who are your investors?
HYPR is backed by institutional investors and industry-leading enterprises such as Comcast, Mastercard, and Samsung. Investors include BoldStart, RRE, Mesh, Allen & Co, .406 Ventures, AVG, and more. Learn more about our $18M Series B.
Does HYPR have a partner program?
The HYPR Velocity Program brings best-in-class passwordless authentication to a broad range of technology partners, systems integrators, Managed Service Providers, distributors and resellers. Get education, training, and early access to the latest in passwordless innovation.