Shweta Sharma
Senior Writer

Teleport features passwordless access with new access plane update

News | Jul 27, 2022 | 3 mins
Identity Management Solutions, Single Sign-on

With the new capability, Teleport hopes to replace usernames, passwords, private keys, and other secrets with more secure physical identity solutions such as Touch ID, Windows Hello and Trusted Platform Module hardware.

Teleport, an open source platform designed to provide zero trust access management applications, has announced the latest version of its unified access plane, Teleport 10, which features passwordless access as a single sign-on (SSO) infrastructure access solution.

Teleport’s unified access plane is an open source identity-based infrastructure access platform that unifies secure access to servers, Kubernetes clusters, applications and databases.

With the new capability, Teleport hopes to eliminate the need for usernames, passwords, private keys, and other secrets by integrating biometric solutions such as Touch ID, Windows Hello, Yubikey Bio, and Trusted Platform Module (TPM) hardware.

“Stolen credentials, like passwords, are the number one cause of data breaches,” said Ev Kontsevoy, CEO and co-founder of Teleport. “With passwordless access, organizations can dramatically reduce risk of breaches while improving the user experience for their engineers.”

Teleport passwordless access is based on the company’s partnership with the Fast Identity Online (FIDO) Alliance, an open industry association designed to develop and promote authentication standards that help reduce over-reliance on passwords.

Teleport 10 combines human and machine identities 

Existing access solutions rely on identity management (IDM) passwords or multifactor authentication, along with browser cookies, for integrated SSO to work, both of which are vulnerable to exploitation, according to Kontsevoy. Teleport will combine human IDs (such as fingerprints or face ID) and machine IDs to provide more secure SSO access.

Teleport 10’s passwordless access authenticates by combining both human and machine identities. It uses biometrics such as fingerprints instead of a password, allowing users to access protected resources like Linux or Windows servers, databases, Kubernetes clusters, and internal private applications without remembering multiple passwords.

Teleport 10 will also need to authenticate the user’s machine. The required machine identities will generally include the trusted platform module (TPM), Windows Hello, or Yubikey Bio.

“I like Teleport’s effort at combining biometric authentication with protected machine identities,” said Liz Miller, an analyst at Constellation Research. “This is not intended to be a single path to authentication, which so often can also be a single point of identity failure.”

Instead of the cookies used by IDM solutions, Teleport will use certificates for passwordless access. These certificates can also be tied to TPMs and carry metadata with access role and expiry details.

“All modern infrastructure protocols support certificates. A certificate can expire after a few hours, or even seconds, or be revoked on demand. This makes certificates less vulnerable to loss or theft,” said Kontsevoy.

Teleport 10 is available immediately, and users can access it by upgrading to the latest version, the company said.