Product
5 Min.
Read

Introducing Hanko Identity

Identity management for the post-password era.

Today we're launching Hanko Identity, our latest and most comprehensive product yet. A lean SaaS Identity & Access Management (IAM) that was built from the ground up around frictionless and highly secure passwordless authentication and does not come with password support at all. Let that sink in. As far as we know, this has not been done before and until proven otherwise, we claim a world-first here 😎

Meticulously tailored for startups and new product teams, Hanko Identity solves:

  • Passwordless login (no compromise)
  • 2FA incl. PSD2 Strong Customer Authentication or SCA
  • User onboarding incl. KYC
  • Account recovery
  • User profile
  • User management
  • Single Sign-on (SSO) with OAuth2 and OpenID Connect


Let’s dive a little deeper into what brought us to building Hanko Identity...

On our mission to help developers implement and run the next generation of user authentication, our first step was to build an API that powers frictionless and secure authentication methods like WebAuthn or Passlinks. If you want to build, say, WebAuthn into your product, there is no faster way than using Hanko Authentication API and its SDKs for that.

But one thing our customers sometimes have been struggling with is the effort that is required to go passwordless. Integrating WebAuthn, Passlinks, or 2FA into your product is still a software project. Call it a sprint, or a bunch of tickets, impacting key frontend and backend components of your product and changing the way your users interact with it or at least get into it. Serious stuff.

Aside from the effort required to integrate new passwordless authentication features into applications, we sometimes also observed concerns about introducing existing users to new authentication methods, especially if they are added on top of an existing password-based login flow that may even already include multiple existing (legacy) 2FA methods like SMS OTP or TOTP authenticator apps.

Meet Hanko Identity

We went back to the drawing board and started working on an even more comprehensive approach for bringing the latest and greatest authentication methods to any app and any website by providing a simple, repeatable, and standardized process for it (we even thought about labelling it “no-code” but that may go one step too far as you’d still have to code your app). Enter Hanko Identity.

Hanko Identity extends our powerful Authentication API with all required user interfaces and flows for user login, registration, account management (profile), user management, and 2-factor authentication (2FA). The whole package.

We already spoiled it in the opening paragraph, but what’s truly special about Hanko Identity is the fact that it runs natively without passwords. All authentication methods available in Hanko Identity go beyond passwords, extending from a simple B2C login scenario to even the most security-focused and regulated 2FA use cases.

Passwordless-native

As the new baseline authentication method for Identity (and as a direct replacement for what is typically done with passwords) we chose a technology that we call Passlinks. Provided by a new feature of our Authentication API, a Passlink is a login link, sometimes also called “magic link”, that can be used to authenticate a user by sending an email with a link that creates a session for that user. At the same time, ownership of the email account, i.e., the username, is validated. Read more on Passlinks here.

But of course we do not stop at Passlinks. After creating an account or signing in with a Passlink, the user is prompted to set up WebAuthn login on the device, which is enabled by our comprehensive WebAuthn API integration.

This ensures a very convenient re-authentication flow where the user does not have to click an email Passlink every time they log in. After enrolling WebAuthn, the next login on the same device can be done with the device’s biometric capabilities.

On a new device, the user can sign in with a Passlink, enroll WebAuthn, and benefit from the most convenient authentication experience possible on every subsequent login. All that without ever having to create, remember, or restore a password at all.

Strong security built on top of Passlinks

Because WebAuthn device biometrics are inherently multi-factor and phishing-proof, the “weakest link” of an account set up as described above is the Passlink, whose security can be considered dependent on the email account where Passlinks are sent to. That may be sufficient for many, especially if the email account itself is protected well. Remember, no passwords means no shared secret, no Phishing, and no credential stuffing.

But there are multiple ways Hanko Identity offers to increase account security to today’s highest standards without relying on the security of the email account alone. For one, a user will be able to add a FIDO Security Key to the account that will be required after a successful Passlink login. This secures the account as good as it gets with our current technology available. Many users do not have a Security Key though, that's why we’ll also allow other, more traditional 2FA methods to be paired with Passlinks. In a next update, we’ll ship support for TOTP apps like Google or Microsoft Authenticator. But remember, with Hanko Identity, 95% of your user’s logins will happen with WebAuthn biometrics, where no Passlink and no other 2FA is needed.

The power of standards: FIDO2, OAuth2, and OpenID Connect

To make integrating Hanko Identity with your app as smooth as possible, we leverage the power of open standards. OpenID Connect and OAuth2 are used to handle authentication and authorization. These battle-proven standards are used by billions of users everyday and are a perfect solution to connect an identity system with any app. Our FIDO2-certified WebAuthn infrastructure is used to power all passwordless flows and ensures highest compatibility with most end user devices.

Try Hanko Identity today

At Hanko, we’ve been pioneering passwordless authentication for many years now, and used that experience to reimagine online identity.

Of course we will continue to extend and improve Hanko Authentication API. If you already have implemented your own identity management and just want to add WebAuthn or the other authentication methods Authentication API supports, you’re good to go.

But if you start your new project that needs user authentication or want to replace your current identity solution, give Hanko Identity a try and never look back.

Now take a look at the new developer documentation for Hanko Identity, sign up for free, and start shipping your passwordless product login 🚀

Back to overview
Share Post on

More blog posts like this one

Don't miss out on the latest developments in the authentication space and on Hanko's product.