Authentication start-ups are like the Spartans of yore within the Identity Management world. Brave, swashbuckling, shining ambition, lithe presence and designed ostensibly for every little battle use case one can think of – that is, until you throw them against a moderately complex enterprise use case. Like Humpty Dumpty, how they all fall down! I am reminded of the BYOD revolution that was instigated at the great battlefield of IAM and Security conferences. They can win a Thermopylae or two between them, but the war will be won by the trundling Persians (read: the one with the grid, arrow, or fruit logos). To be fair, there are a few that get away though, burn the tires, dazzle, and then get acquired. For every one such, there are tens that do not get beyond their first funding round or their first unsuspecting customer.
After all, how long can the Spartans blaze a trail on Persian real estate? Gone are the days when they can build little kiosks or kingdoms oversleeping giants. Password vault or password less, if their customers are not already using it, they have a plan for it. For our Spartans, it is an arduous undertaking. Their solutions are neat at the individual user experience level, but formative from an enterprise delivery standpoint. Try as much as they can, to scale through rapid deployment of product customisations, they are up against organisations that sniff today at tiny bits of software doing tiny bits of things (Solarwinds did not help with that one). FIDO2 is easier to crack, and delivering enterprise software at scale is the difficult part.
I am sure Passwordless will be delivered one day, without the bells and whistles (infra-red camera, mouse, or key) like an imperative, like BYOD was once, with little fuss and fluff.
In the meantime, I will continue to deal sportingly with cheery messages on my LinkedIn inbox from everyone who promises a Password less. They deserve their ephemeral spotlight.
The views mentioned are the author’s own and do not represent that of his employer.