
In the modern digital landscape, passwords have become more of a security liability than a protective measure. In 2024 alone, credential abuse was the top attack vector, accounting for 22% of publicly reported cyberattacks (source: Verizon 2025 DBIR). Credential abuse isn't just about weak or reused passwords; it's about a fundamental vulnerability that attackers are constantly exploiting.
The old system of usernames and passwords is a ripe target for various attack methods. Cybercriminals are employing sophisticated techniques like phishing, where they trick users into revealing their credentials. Even when organizations implement stronger security measures, such as multi-factor authentication (MFA), attackers continue to find ways to bypass them. They can use meddler-in-the-middle (MiTM) reverse proxies to intercept and bypass MFA. They also employ techniques like MFA fatigue, where they bombard a user with numerous MFA challenges, forcing the user to accept one just to make them stop. Furthermore, tactics like SIM swapping, where an attacker clones a victim's cell phone SIM card, can intercept text-based MFA challenges. Malware or vulnerabilities can also be used to steal authentication session cookies, allowing attackers to hijack an active user session without needing the user's password or MFA.
Passwordless credentials, also known as passkeys, are based on the FIDO2 standard, which enables passwordless logins to online services using phishing-resistant cryptographic methods, such as biometrics or security keys, instead of passwords. The benefits of a truly passwordless environment are substantial, addressing both user experience and security.
The cybersecurity industry has recognized these issues and is moving toward passwordless authentication, leveraging standards such as FIDO2, passkeys, and WebAuthn. These solutions replace passwords with cryptographic key pairs, where a public key is stored by the website and a private key is held securely on the user's device. This represents a significant step forward, but current solutions still face substantial hurdles that have prevented widespread adoption in the enterprise. Many popular consumer applications, cloud-native applications, and services have adopted passwordless authentication.
However, a significant challenge is the lack of support for existing applications. In many enterprises, up to 43% of applications are considered "legacy" and still rely on traditional password-based authentication. These applications are often on-premises or in private data centers, making them incompatible with modern passwordless standards. Migrating or replacing these legacy applications is a costly and complex undertaking, requiring significant capital investments that many organizations are hesitant to make.
This also leads to IT complexity, as it requires additional configuration to work across mixed endpoint environments (like Windows, macOS, and Linux) and with various identity providers. The result is an inconsistent user experience, with some applications being passwordless and others still requiring passwords and MFA.
The new Passwordless Authentication solution, available in PAN-OS 12.1 Orion, is designed to overcome the limitations of existing passwordless technologies. It provides a comprehensive approach that enables organizations to transition to passwordless authentication across their entire environment, including legacy applications.
This solution enables seamless passwordless access across all managed endpoints and applications. It provides a consistent user experience across various operating systems, including Windows, macOS, and Linux. It integrates with leading Identity Providers (IDPs) like Okta and Microsoft Entra and can extend passwordless authentication to your IdP-managed applications.
The key innovation is our ability to secure legacy applications without the need for costly and time-consuming migrations. The solution utilizes a FIDO2 authentication flow to secure traditional Kerberos-authenticated applications, as well as legacy apps that still require a username and password. You can significantly reduce your password risks and improve your security posture for applications that were previously thought to be unchangeable.
Through our PAN-OS operating system, which spans our NGFW HW and SW portfolios, Palo Alto Networks offers a comprehensive passwordless solution for all applications across the enterprise. The following use cases will help you start your passwordless journey today:
The full demo is available here:
The era of passwords is coming to a close, and for good reason. The traditional password model is no longer sufficient to protect against today's sophisticated cyber threats. While previous passwordless solutions have fallen short, our new approach offers a clear and practical path for enterprise adoption. It provides a simple, secure, and consistent user experience across your entire application ecosystem, including those hard-to-migrate legacy systems. By embracing a truly passwordless future, you can not only improve your security posture but also dramatically reduce the operational burden on your IT and security teams.
For more information, please review our PAN-OS Orion 12.1 documentation.