Passwordless Authentication
Definition
Authentication without passwords, using phishing-resistant factors: FIDO2 passkeys, hardware tokens, biometric authenticators, magic links, or push-notification approval. It eliminates entire categories of attacks (phishing, credential stuffing, password spraying) and reduces operational cost (Gartner estimates a password reset at roughly $70 per incident). It is a strategic 5-year goal for many CISOs.
Regulatory: FIDO Alliance — FIDO2 / CTAP2 · NIST SP 800-63 (Digital Identity Guidelines) · eIDAS 2.0 — Regulation (EU) 2024/1183
MidPoint: Passwordless authentication is authentication that does not use passwords or similar knowledge-based credentials.
Standards & regulations: FIDO · NIST · eIDAS
Related terms
- Authentication (AuthN): Process of verifying that a principal is who they claim to be. Three classic factors: knowledge (password, PIN), possess …
- Frictionless Access: User experience principle for IAM systems — granting authorised access with minimal explicit user effort while maintaini …
- Multi-factor Authentication (MFA): Authentication requiring two or more independent factors from different categories: knowledge (password), possession (ph …
- Singpass (Singapore National Digital Identity): Singapore's national digital identity platform operated by GovTech, used by citizens and residents for access to 2,000+ …
- Credential: Data presented to authenticate or authorize — password, token, certificate, biometric, API key. NIST SP 800-63 distingui …
- Ephemeral Identity: Workload or AI agent identity with very short lifetime — created on-demand for a specific task or session, destroyed whe …