Credentialless Identity
The only Identity Provider that eliminates stored credentials entirely.
Patent-protected behavioral authentication that validates how users behave, not what they remember.
Quick Links
Free Trial of Secure Authentication and Continuous Authentication Monitoring
Feature Set Summary and Why You Need Them
App Download, Install, Register once, and Use Many Experience
Evolving Cyber Risk Landscape
- A majority of breaches leverage user credentials
- One in three SMBs experienced a cyberattack in the past 12 months
- Only 28% of SMBs require the use of MFA.
- Over 90% of cyberattacks result from a phishing attack
- Microsoft and Google report marked increases in session cookie attacks that lead to hijacked sessions.
- Phishing resistant authentication does not protect the session token, leaving the door open for harvesting
- There is a cause-and-effect relationship between increased use of strong MFA and increasing incidence of session hijacking
- The average ransomware cost is $1.54 million
Risk Reduction and Avoidance
- Adopt credentialless identity verification.
- Adopt high-assurance phishing-resistant authentication as recommended by cyber experts.
- Adopt authentication and session management without session token cookies.
- Adopt an authentication service that harmonizes the secure authentication ceremony with the security of continuous session monitoring.
Four easy steps to a low-risk future.
Read more about the feature set of a good authentication service providing these four steps and more.
Good Cyber Hygiene is not Optional
- A Mastercard survey found that 46% of SMBs experienced a cyberattack on their current business in the previous year.
- Hackers go for the low-hanging fruit, the SMB, based on the belief that it has weak defenses.
- A breach is more than inconvenient; there's a risk of financial, reputational, operational, and property losses, and most importantly of all, the well-being of those who rely on your business services.
- Limited or no dedicated IT or security staff is not a reason to forgo effective cybersecurity.
The effective authentication service provides:
- Protecting the business from phishing throughout the online experience.
- Security of your most valuable assets, your customers, and their data.
- A user experience that is no more complex than an ATM card transaction, guaranteed.
- Installation in minutes with no impact on the help desk, guaranteed.
Visit our Free Trial page where you can experience firsthand the ease with which this service is installed and used.
Read more about our integration services available at no cost to assist.
Managed Service Provider (MSP)
Thank you for stopping by
As an MSP, you literally stand on the front lines of cyberwar. The challenges faced are immense, not only in having your clients' backs but also in providing for your own business security and well-being. Of course, doing so profitably adds another dimension.
The balanced cybersecurity framework includes: removing phishing opportunities and reward, preventing hijacking the authentication ceremony, and prevention or mitigation of session hijacking.
Streamline operations by reducing help desk ticket volume, providing a single pane of glass multi-tenant dashboard, and streamlining client deployment, onboarding, and maintenance.
A persistent challenge for MSPs that identity providers must address is providing cybersecurity for their business and clients while meeting regulatory requirements.
Adopting a unified IdP solution as opposed to assembling a kit of piece parts from multiple vendors relieves the technical challenges not consistent with the underlying business model.
The Intersection of Security & Compliance
An intersection the MSP knows well: clients with extremely sensitive information and strict regulatory requirements on the one hand and those whose needs are not so demanding on the other. Doing so with dissimilar identity solutions is not a business-friendly approach nor perhaps a sustainable alternative.
A holistic identity provider service providing passkey authentication with enhanced phishing resistance, credentialless high assurance (AAL3) MFA, integrated OIDC and SAML 2 providers, and continuous authentication monitoring with Unified Endpoint Management. All within a single configurable service to meet a broad range of client needs.
Aids in achieving various compliance and regulatory requirements, such as NIST, CMMC, HIPAA, PCI/DSS, GDPR, ZTA, ISO, and others.
Single dashboard supporting multiple clients with single pane of glass views.
The MSP Business Value
MSPs are businesses, and as such, they provide a reliable and reasonable product or service at a reasonable and profitable price, with little or no support or maintenance requirements.
Often at the SMB end of the business spectrum, meeting ZTA and CMMC Level 3 is cost prohibitive. An IdP option that includes CAM presents MSPs with new opportunities and revenue streams.
Often the no-cost option is not always free. Such is the case with Passkey and the help desk demands it causes.
From a competitive standpoint, an IdP providing high-assurance MFA with continuous authentication monitoring has no equal short of enterprise-grade IAM solutions.
Its attractive pricing and margins are advantages under all conditions; however, early anchor adopters now have an opportunity to enjoy very favorable deals.
In Closing
It is likely you’ll find no competitor on par with AffirmedID without moving into the expensive enterprise category of product. So far as we know there are none and yet your clients no matter their size are no less important than those in the enterprise class and are deserving of cybersecurity on par with what they receive.
Take a moment to review and compare the AffirmedID feature set summary, we are sure you’ll find no equal and equally sure your clients would appreciate the advantage they provide.
Visit our free trial page to try out each of several supported operating modes you can provide to your clients.
Read more about our integration services available at no cost to assist your engineers with their integration needs.
Reach out if you would like more information or wish to discuss adding AffirmedID to your portfolio of services.
| AffirmedID Benefits | Why it’s important | ||||
|---|---|---|---|---|---|
| ** Hybrid Passkey (FIDO2), provides both improved user experience AND uncompromising security. | Where the use of a Passkey is necessary or desirable, the MSP has a dilemma: improved user experience configured as a cloud-synced Passkey or uncompromising security configured as a hardware-bound Passkey. Of course, an MSP has the option to switch to Hybrid Passkey thereby retaining the benefit of hardware-bound cryptography with a UX others rate as superior to Passkey. | ||||
| ** Multi-Factor Identity Verification should not be optional. Identity is important, so much so it is a prerequisite for every authentication ceremony. | Microsoft and Cisco Duo Passwordless Push, most forms of FIDO2, and every form of OTP authentication skip this very vital need, to verify user identity as an integral part of authentication. MSP’s can improve their clients' cybersecurity posture by simply upgrading them to AffirmedID, and where Passkey is currently used, improved security with no impact on their users. | ||||
| ** Credentialless authentication, identity recognition and verification without benefit of stored credentials. The ultimate in phishing resistance. | For years, DBIR has consistently reported that most breaches leverage user credentials. Stored credentials of any type—password, PIN, face, and fingerprint—are the target of most phishing attacks. A Black Hat 2025 presentation showed how easily Face ID authentication could be hijacked, in minutes, simply by replacing a stored credential. Hybrid Passkey phishing resistance is enhanced by being credentialless, leaving no credential to replace. | ||||
| Hybrid Passkey's Single-Step AAL3 compliance is unique and in demand. | MSPs are increasingly receiving client requests for AAL3 compliance. Microsoft and Cisco responded by adding authentication ceremonies to a passwordless push ceremony. In effect, achieving AAL3 by combining two or more authentication ceremonies. And doing so with disregard for UX complexity and frustrations. Now, by switching clients to single-step Hybrid Passkey, the MSP provides AAL3 compliance without UX impact. | ||||
| ** Continuous Authentication Monitoring (CAM) may seem futuristic now but soon it will become a must have. For some, it already is. | CAM is in the operational fabric of ZTA and CMMC. MSPs are receiving client interest in ZTA and CMMC, in some cases urgently so. AffirmedID's end-to-end CAM solution is unique in monitoring user proximity, location, and behaviors from authentication to session logout. And the service provides the MSP with a wonderful up-sell opportunity to meet this growing need. | ||||
| Zero Trust Architecture (ZTA) principles require continuous verification of trust—not just at login, but throughout the session. | While CAM may not be a named requirement, it’s a practical necessity for achieving and maintaining CMMC above level 2, for implementing ZTA strategies, and for conforming to NIST 171, 37, 53, RMF, and both FedRAMP and DFARS. Can HIPAA, FinTech, PCI/DSS, and others be far behind? | ||||
| Superior Hybrid-Passkey UX Enter a PIN, tap a display button, done! A painless single-step authentication experience, universal no matter the account context. Simplicity throughout this do-it-yourself UX. | Transferring the hardware-bound Passkey or Passwordless Push authenticator to another cell phone is a nightmare that needs repeating for every registered account. Cross-framework Passkey use is both challenging and problem-prone. Users transfer the Hybrid Passkey account in less than 2 minutes, transferring all accounts at once. Hybrid Passkey has one framework no matter which type of cell phone is used. | ||||
| ** Out-of-band Tri-Net authentication improves phishing resistance by blocking AiTM / MiTM attack. | Passkey and Cisco Duo Proximity Authentication take liberties to exploit the inherent security benefits of tri-net authentication ceremonies. Tri-net foresight and methodologies predate Passkey, FIDO2, and Passwordless Push by several years, as do related patents. In one sense, adoption by others is a tacit endorsement of AffirmedID’s underlying framework. | ||||
** Incorporates patented methods that predate, and parallel core techniques now employed in Passkey implementations by Google, Apple, and Microsoft and in Cisco Duo Passwordless authentication—patents referenced by over 60 citations from across the industry. | |||||
Seamlessly Bridging to the IAM Landscape
An ongoing integration project adding ZT compliant Identity Service to IAMs
Availability: Now
Protocols: SAML, OIDC, OAuth 2