Passwordless authentication is a hot topic. Did you know that the U.S. federal government went passwordless more than 15 years ago? Well, kind of, as I’ll explain shortly. From 2010 to 2015, I worked for the Department of Homeland Security, and was part of driving this effort. We achieved a great deal and learned many valuable lessons along the way. These lessons can benefit any digital identity effort – especially one that includes passwordless authentication.
The federal government efforts to eliminate passwords began in the late 1990s, and, by 2015, almost everyone’s computer login passwords had been replaced with a smart card that supported up to three factors of passwordless authentication. The problem? Behind each computer login lived thousands of password-protected applications that had no way to process smart cards.