Advancements in Passwordless Authentication and Identity Security
Organizations are increasingly moving towards passwordless authentication methods, with technologies such as passkeys and device identity gaining traction as more secure alternatives to traditional passwords and multi-factor authentication (MFA). Passkey authenticators, often integrated into password managers or as standalone components, play a critical role in enabling seamless and secure login experiences by leveraging new standards and cryptographic techniques. Device identity further enhances security by binding credentials to hardware, making authentication resistant to phishing and social engineering attacks, while also improving user experience by reducing prompt fatigue and streamlining access to applications and networks.
The identity security market is also witnessing strategic acquisitions, such as Ping Identity's purchase of Keyless, which aims to integrate privacy-preserving biometric authentication for frontline workers and address emerging threats like deepfakes. These moves reflect a broader industry trend towards comprehensive identity lifecycle management, resilience against AI-driven threats, and scalable support for both human and machine identities. As economic constraints limit large-scale mergers, the focus is shifting to targeted acquisitions that expand platform capabilities and reinforce the shift to passwordless, device-centric authentication models.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Passkey authenticators highlighted as key to passwordless adoption
ZDNET published an explainer describing passkey authenticators as a core component of passwordless authentication, outlining platform, virtual, and roaming authenticators and their role in FIDO2-based security. The article is descriptive rather than reporting a separate incident, so the publication date is used.
Ping Identity acquires Keyless
SC Media reported that Ping Identity purchased Keyless, a move described as expanding Ping's identity and authentication capabilities. The reference does not provide a specific transaction date beyond the publication date.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
What is a passkey authenticator? Only the key to our passwordless tomorrow
zdnet.com
Open sourceNot another push notification – How device identity solves MFA challenges
scworld.com
Open sourcePing’s purchase of Keyless signals expansion of identity capabilities
scworld.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Challenges and Progress in Enterprise Passwordless Authentication
Enterprises are increasingly adopting passwordless authentication methods such as biometrics, passkeys, and security keys to enhance security and reduce the risks associated with traditional passwords. However, widespread implementation remains difficult, particularly for legacy systems, operational technology, and specialized applications that were never designed for anything other than passwords. Security leaders report that while most organizations can cover the majority of their threat landscape with passwordless solutions, the final 15%—often the most critical and legacy-dependent systems—remains resistant to change, creating operational and security challenges. Major technology providers like Google are actively promoting passwordless authentication, urging users to adopt passkeys and stronger authentication tools in response to increasingly sophisticated phishing and vishing attacks. Despite these efforts, the transition is hampered by technical, operational, and user experience hurdles, and attackers are exploiting gaps between multiple authentication systems. The push for a passwordless future is ongoing, but experts caution that full adoption may never be realized, and organizations must remain vigilant against evolving credential-based threats.
Jun 30, 2026
Enterprise Struggles and Trends in Customer Authentication Security
Organizations continue to rely heavily on passwords for customer authentication, despite widespread recognition that these methods are both insecure and detrimental to user experience. Research from Descope highlights a persistent gap between security leaders’ stated priorities and the authentication technologies actually deployed, with 87% of organizations still using passwords as a primary method. While most companies claim to use multi-factor authentication (MFA), coverage is inconsistent, leaving exploitable gaps for attackers. The transition to more secure options like passkeys is hindered by technical debt, resource constraints, and internal misalignment, even as over 70% of organizations plan to adopt such technologies. Industry experts and practitioners are debating whether passwordless authentication is ready for widespread adoption or if it simply introduces new challenges. The evolution of identity management now includes managing non-human identities, implementing privilege access management, and adopting risk-based authentication. Security leaders are urged to align MFA, governance, and zero trust principles to resist account takeover and policy drift, but practical barriers remain in rolling out modern authentication at scale. The consensus is clear: while the future of authentication is moving beyond passwords, organizations face significant hurdles in making this transition both secure and user-friendly.
Jun 29, 2026
Corporate Security Risks and the Shift Toward Passwordless Authentication
A new report from password manager 1Password highlights that weak or compromised passwords remain a significant security risk for organizations, with employee password practices worsening despite increased awareness. Survey data from over 5,000 workers across multiple countries reveals that a majority of employees, including IT professionals, continue to reuse passwords, rely on default credentials, or share passwords via insecure channels, exacerbating the threat landscape for businesses. The report underscores that even as companies move toward passwordless authentication, the transition is gradual and current credential management practices are not keeping pace with evolving threats. In response to these challenges, technology vendors are accelerating the adoption of passwordless solutions. Microsoft has released Edge version 142.0, introducing cross-platform passkey synchronization, allowing users to securely reuse passkeys across devices and browsers. This feature, which requires a dedicated PIN for access, aims to enhance both security and usability, reducing reliance on traditional passwords. The move reflects a broader industry trend toward passkeys and multi-factor authentication as default options, with major platforms like Google and Meta also embracing passwordless technologies to mitigate the risks associated with password-based authentication.
Jun 29, 2026