Strata Identity and HYPR are partnering to add MFA without rewriting source code. (Photo by Leon Neal/Getty Images)

Strata Identity and HYPR on Thursday announced a partnership that will add phishing-resistant multi-factor authentication (MFA) to any modern, legacy, or custom application without rewriting the source code, pushing the industry closer to a passwordless future.

The two companies said they will make this possible via an abstraction layer that decouples identity and authentication from the identity system and applications. In doing so, Strata and HYPR are promising that organizations with outdated systems can now get the benefits of passwordless authentication security assurance and a frictionless, password-free user experience.

“Legacy MFA technologies are failing at scale and leaving serious security gaps due to insecure authentication methods costing organizations an average of $2.19 million per year,” said Bojan Simic, HYPR's CEO and CTO. "HYPR’s integration with Strata’s technology is exciting because it now enables customers to extend HYPR’s passwordless authentication solution to legacy applications without coding, radically simplifying and accelerating an organization’s passwordless deployment.”

Frank Dickson, who covers security and trust at IDC, said the average person now has more than 200 passwords and the best practice of password rotation, complexity, and no reuse has become untenable, making  passwordless “essential” for both security and the user experience.  

“This news highlights an important feature: there’s an emerging awareness of a feature embedded in the FIDO standard from the start that prevents man-in-the-middle attacks, a feature that has recently been referred to as phishing-resistant authentication,” explained Dickson. “Phishing-resistant strong authentication is critical for passwordless if we are going to make our authentication credentials persistent. Integrations between identity management and authentication providers becomes key to making passwordless a reality.”

Jack Poller, a senior analyst at the Enterprise Strategy Group, has put a “stake in the ground” that 2023 will be the year for passwordless — and the partnership between Strata and Hyper only solidifies this prediction.

“The combination of HYPR’s phishing-resistant MFA and Strata’s identity orchestration will let organizations enable passwordless authentication throughout their entire IT estate,” said Poller. “Whether it’s a modern SaaS or cloud-based app, or an internally developed legacy app, the organization can upgrade to phishing-resistant authentication without rewriting code. This means these organizations can close a large security hole — weak and phishable passwords and MFA — and reduce organizational cybersecurity risk.”

Timothy Morris, chief security advisor at Tanium, added that to truly embrace frictionless authentication, we need to remove tech debt and replace outdated systems. Morris said it’s incredibly hard to remove the plumbing of an old system, which is why we continue to see smaller and emerging markets that are nimbler and adopt passwordless authentication faster.

“At the end of the day, employee buy-in should be the easiest part of the process because users prize convenience and avoid friction whenever possible,” Morris said. “The world of authentication is a nuanced one, but passwordless and 2FA/MFA are all part of the same ecosystem. Multi-factor authentication is an age-old concept or formula that relies on something you have plus something you know to uniquely identify you and authorize access. Passwordless authentication is simply a piece of that larger puzzle.”