Passwordless authentication and IAM sprawl: what teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 3218
Topic starter  

TL;DR: KuppingerCole’s Leadership Compass on passwordless authentication highlights a market where password elimination, phishing resistance, and zero trust alignment are becoming central buyer criteria, while 70% of respondents report using three or more IAM ecosystems, according to Axiad. The real issue is not whether passwordless works, but whether fragmented identity estates can absorb it without adding more operational complexity.

NHIMG editorial — based on content published by Axiad: KuppingerCole Highlights Axiad as a Top Passwordless Authentication Provider

By the numbers:

Questions worth separating out

Q: How should security teams implement passwordless authentication across multiple IAM systems?

A: Start by mapping where identity is actually resolved, then standardise recovery, federation, and conditional access across each IAM ecosystem.

Q: Why does passwordless not automatically make an environment zero trust?

A: Zero trust requires continuous verification, policy enforcement, and session control.

Q: What do teams get wrong about passwordless recovery flows?

A: They often make recovery easier than login, which creates a weaker back door into the account.

Practitioner guidance

  • Inventory authentication fallbacks: Document every recovery, reset, and re-enrolment path that can bypass the primary passwordless flow, then grade each path by assurance level and help-desk dependency.
  • Map passwordless to federation flows: Trace how identity is asserted from device to directory to application, and identify where token exchange or policy translation weakens the assurance chain.
  • Standardise trust policy across IAM ecosystems: Align device posture, conditional access, and recovery requirements across all IAM platforms before scaling passwordless to additional applications.

What's in the full article

Axiad's full blog post covers the operational detail this post intentionally leaves for the source:

  • KuppingerCole report highlights and the specific vendor evaluation criteria behind the passwordless leadership compass
  • Axiad Cloud integration details for existing IAM infrastructure and policy alignment
  • Survey context on how many IAM ecosystems organisations typically run and why that affects rollout planning

👉 Read Axiad's analysis of KuppingerCole's passwordless authentication research →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1804
 

Passwordless authentication does not solve identity sprawl. A multi-IAM estate changes the governance problem from factor strength to control consistency. When 70% of organisations already run three or more IAM ecosystems, the risk is not just user friction, but uneven policy enforcement, duplicated recovery paths, and inconsistent trust assumptions. Practitioners should treat passwordless as a consolidation trigger, not a side project.

A few things that frame the scale:

  • 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which is why authentication modernisation and identity inventory have to move together.

A question worth separating out:

Q: How do you know if passwordless authentication is actually working?

A: Look for fewer password-based prompts, but also check whether recovery tickets, account rebinds, and policy exceptions are falling. If passwordless adoption rises while fallback activity stays high, the programme has not removed risk, it has shifted it into less visible control paths.

👉 Read our full editorial: Passwordless authentication is still constrained by IAM sprawl



   
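An added example, not part of the original posts or of any vendor's tooling: one way to grade the fallback inventory described in the practitioner guidance, flagging recovery paths that are weaker than the primary login, paths that depend on the help desk, and recovery floors that differ between IAM ecosystems. The assurance ranking, the IAM names and the inventory rows are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed assurance ranking (assumption, not from the page): higher is stronger.
ASSURANCE = {"passkey": 3, "smartcard": 3, "totp": 2,
             "email_link": 1, "sms_otp": 1, "helpdesk_kba": 0}

@dataclass(frozen=True)
class AuthPath:
    iam: str        # IAM ecosystem that resolves the identity
    kind: str       # "primary", "recovery", "reset" or "re-enrolment"
    method: str     # key into ASSURANCE
    helpdesk: bool  # True if a help-desk agent can complete the path

def grade(paths):
    """Return (iam, kind, finding) tuples for an inventory of auth paths."""
    # Strongest primary flow per IAM: this is what a fallback bypasses.
    primary = {}
    for p in paths:
        if p.kind == "primary":
            primary[p.iam] = max(primary.get(p.iam, 0), ASSURANCE[p.method])

    findings, floor = [], {}
    for p in paths:
        if p.kind == "primary":
            continue
        level = ASSURANCE[p.method]
        # Weakest fallback per IAM is the effective assurance of the account.
        floor[p.iam] = min(floor.get(p.iam, level), level)
        if level < primary.get(p.iam, 0):
            findings.append((p.iam, p.kind, "weaker-than-login"))
        if p.helpdesk:
            findings.append((p.iam, p.kind, "helpdesk-dependent"))

    # Different floors mean recovery requirements are not standardised.
    if len(set(floor.values())) > 1:
        findings.append(("*", "recovery", "inconsistent-across-iam"))
    return findings

# Constructed inventory for three hypothetical IAM ecosystems.
INVENTORY = [
    AuthPath("idp-a", "primary", "passkey", False),
    AuthPath("idp-a", "recovery", "passkey", False),     # second registered passkey
    AuthPath("idp-b", "primary", "passkey", False),
    AuthPath("idp-b", "recovery", "email_link", False),  # easier than login
    AuthPath("idp-c", "primary", "smartcard", False),
    AuthPath("idp-c", "reset", "helpdesk_kba", True),    # agent-driven reset
]

if __name__ == "__main__":
    for finding in grade(INVENTORY):
        print(finding)
```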