
The Role Of Passwords In A CIAM System - by Dan Moore

submitted by
Style Pass
2024-09-30 23:30:06

Unauthorized access to an application is bad. So when should you allow passwords to be used to authenticate into your application? And what requirements, if any, should you have about the password presentation process?

Nowadays there are better, more secure, friendlier options available for customers to log into systems than passwords. These include:

Remember, the first rule of CIAM is your customers are paying you, which means your authentication mechanism needs to meet their needs as well as yours.

Federation is when your application delegates authentication to another identity system. This might be a social provider like Google, Facebook, or WeChat. Or it might be a more specialized identity store like Xing (for European business users), Steam (for games) or GitHub (for developers).

Either way, your application sends the user to the remote system for authentication. Then your app gets a thumbs up or thumbs down from the source of identity, as well as some information about the user. You can store the data in your system and grant access based on the result.
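The flow just described, seen from the application's side, as an added example that is not from the original article: the app sends the user away with a one-time state value, then accepts the remote system's answer only if it is tied to that login attempt, signed by the identity source, and addressed to this application. The issuer URL, client id, key, and the HMAC signature are constructed stand-ins for a real provider's endpoints and signature scheme.

```python
import base64, hashlib, hmac, json, secrets, time

# Every value below is constructed for illustration (assumptions, not from the article).
IDP_ISSUER = "https://idp.example"   # hypothetical remote identity system
APP_CLIENT_ID = "my-app"             # hypothetical id the remote system knows this app by
IDP_KEY = b"constructed-demo-key"    # stand-in for the identity system's signing key

def sign(body: str) -> str:
    mac = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def idp_issue_assertion(claims: dict) -> str:
    """Simulates the remote system's answer: signed claims about the user."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + sign(body)

def start_login(session: dict) -> str:
    """Step 1: send the user to the remote system, remembering a one-time state."""
    session["state"] = secrets.token_urlsafe(16)
    return f"{IDP_ISSUER}/authorize?client_id={APP_CLIENT_ID}&state={session['state']}"

def handle_callback(session, state, assertion, users, now=None):
    """Step 2: treat the answer as a thumbs up only if every check passes."""
    expected = session.pop("state", None)  # single use, so a replayed answer fails
    if not expected or not hmac.compare_digest(expected.encode(), state.encode()):
        return None                        # answer is not tied to this login attempt
    body, _, sig = assertion.partition(".")
    if not hmac.compare_digest(sign(body).encode(), sig.encode()):
        return None                        # not signed by the identity source
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if claims.get("iss") != IDP_ISSUER or claims.get("aud") != APP_CLIENT_ID:
        return None                        # issued by, or meant for, someone else
    if not claims.get("sub") or claims.get("exp", 0) <= now:
        return None                        # no stable user id, or a stale answer
    # Store the user data locally, keyed on issuer + subject rather than email,
    # because an email address can change or be reassigned at the remote system.
    key = (claims["iss"], claims["sub"])
    users[key] = {"email": claims.get("email")}
    return key

if __name__ == "__main__":
    session, users = {}, {}
    print("redirect user to:", start_login(session))
    answer = idp_issue_assertion({"iss": IDP_ISSUER, "aud": APP_CLIENT_ID,
                                  "sub": "u-1", "email": "a@example.com",
                                  "exp": time.time() + 60})
    print("granted:", handle_callback(session, session["state"], answer, users))
```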
