Improve your organizational security posture by eliminating passwords.

Why Passwordless?

Bring your organization into the future with passwordless authentication. New standards like the W3C Web Authentication API (WebAuthn) and Fast Identity Online (FIDO) are enabling passwordless authentication across platforms.

No one will miss passwords! You can make the login process easier by leveraging biometrics, security tokens, and mobile devices. Using these techniques, you can reduce the risk of stolen credentials and prevent phishing, the two most common ways hackers can get into your organization.

Better User Experience

Did you ever try to put a long password with lots of special characters into your mobile phone? It’s not fun.

With passwordless login, many people actually save time during login.  You also don’t need to bother people to periodically set new complex passwords–a ritual that actually degrades security. 

But the best thing about passwordless login flows… they are fun. When technology works, it seems like magic. Enabling us to ditch passwords increases the happiness factor of your organization’s digital transformation.

Improved Security Posture

A risk matrix takes into account the likelihood of an event and the severity of the harm. For example, if a risk is unlikely and the impact is marginal, you should minimize the mitigation effort. The risk matrix analysis of passwords, however, should be of concern to all organizations.

Passwords are regarded as the top attack vector, the root cause of the most security breaches. So the likelihood of a password breach is high. Also, the impact of password breaches can be catastrophic.

For this reason, mitigating the risk of a password breach has the single best ROI for organizational security. Think about it: would you rather prevent or detect a breach?

Reduce IT Support Costs

By making sure that people enroll two strong credentials, you can avoid people having to call the support desk for account recovery, which is both expensive and bad for security (i.e. susceptible to social hacking).

Gluu Casa is a self-service portal that enables people to remove lost credentials and to enroll new credentials quickly and efficiently. 

Which passwordless technology is right for you?

Organizations have different needs when it comes to authenticators. Gluu offers multiple methods that work seamlessly with your Gluu Server.

Mobile Phone

Using the free Super Gluu iOS or Android app, people can enroll their phone and approve authentications via a mobile push notification. This feature can also be paired with a PIN or biometric 2nd factor.

Super Gluu is a free and secure two-factor authentication (2FA) mobile app.

Super Gluu is tightly bundled with the Gluu Server identity and access management platform, and can be used to achieve 2FA for web and mobile applications that leverage Gluu for authentication.

Sign in with your face! Using server-side hashing algorithms, this is both secure and privacy protecting. Built-in liveness detection ensures that you're the real you!

BioID Web Service is a "Biometrics as a service" provider. This document will explain how to use Gluu's BioID interception script along with a plugin in Casa to enroll a user's biometric traits and use them as a method for 2FA.

Security Keys

Replace passwords with a security key using multifactor authentication.

Enroll at least two different types of 2FA credentials, e.g. one U2F token and one OTP app, or one OTP app and one SMS phone number. This way, regardless of which device you're using to access a protected resource, you will have a usable option for passing strong authentication.

