The Journey to Passwordless Authentication
Historically, challenge-response authentication using a singular password has been one of the primary mechanisms leveraged by organizations to positively verify an identity for authorization. However, following this model of a singular transaction for authentication, without additional identity verification requirements, could create substantial risk to an organization.
As attackers adopted more sophisticated tactics for compromising identities, new controls and methodologies were introduced to help mitigate risk. The most common control that many organizations have adopted is the requirement for multi-factor authentication (MFA), a concept that combines two or more independent methods to positively verify an identity.