TL;DR: KuppingerCole’s passwordless Leadership Compass says password elimination, phishing resistance, and Zero Trust fit are driving buyer interest, while Axiad notes 70% of respondents operate three or more IAM ecosystems, according to the vendor. The practical issue is not whether passwordless is desirable, but whether fragmented identity estates can support it without adding governance gaps.
NHIMG editorial — based on content published by Axiad: KuppingerCole Highlights Axiad as a Top Passwordless Authentication Provider
By the numbers:
- 70% of respondents have 3 or more IAM ecosystems in use.
Questions worth separating out
Q: How should security teams roll out passwordless authentication in fragmented IAM environments?
A: Start with a mapped view of directories, federation paths, and application exceptions, then choose the user populations where passwordless can be enforced consistently.
Q: Why does passwordless authentication matter for Zero Trust programmes?
A: Passwordless reduces password replay and phishing risk, which strengthens the initial identity check in a Zero Trust model.
Q: What do security teams get wrong about passwordless adoption?
A: The common mistake is treating passwordless as a login project instead of an identity governance change.
Practitioner guidance
- Inventory authentication dependencies across IAM ecosystems: Map every directory, federation path, and legacy application that will be touched by passwordless so you can see where assurance will differ by platform.
- Define where passwordless is mandatory versus exception-based: Set clear policy for which user populations, applications, and device states must use passwordless and where fallback authentication is still allowed.
- Tie passwordless to Zero Trust control objectives: Measure passwordless against access policy enforcement, session validation, and phishing resistance rather than treating it as a user-experience upgrade.
What's in the full article
Axiad's full blog post covers the vendor and analyst details this post intentionally leaves for the source:
- The specific KuppingerCole leadership compass criteria used to evaluate passwordless vendors
- Axiad's product positioning and platform claims around passwordless authentication and interoperability
- Survey and report references that underpin the vendor's view of passwordless adoption
- Additional linked resources, including a case study and survey executive summary
👉 Read Axiad’s summary of KuppingerCole’s passwordless authentication research →
Passwordless authentication: what it means for IAM teams now?
Explore further
Passwordless authentication is now an IAM integration problem, not a feature decision. The article’s strongest signal is the gap between modern authentication goals and fragmented reality. When 70% of organisations already operate three or more IAM ecosystems, passwordless cannot be assessed in isolation. Practitioners should treat this as a cross-platform governance issue, not a single-product evaluation.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which shows how often identity governance is still operating without complete coverage.
A question worth separating out:
Q: How do organisations know whether passwordless is actually improving security?
A: Look for reduced password replay exposure, fewer phishing-driven account takeovers, and consistent authentication policy across all major identity ecosystems. If users still depend on weak fallback paths or separate legacy sign-in methods, the programme may improve convenience without materially changing risk.
👉 Read our full editorial: Passwordless authentication and zero trust readiness need a broader IAM view