EN Except for Fenrir, we can divide the current authentication methods in 3 different families:
- User+Password: This can be your standard user and password login, but we include also anything based on OpenID(legacy, connect) or OAuth(1, 2). Just to try to give our competitor some advantage, if any one has the feature we want, we will count it as all of them having it.
- Password manager: This can be a layer on top of user+password. Basically we have a program that will save the passwords for us, and we either copy-paste them or the program copies them for us. Bitwarden, 1Password, Lastpass fall in this category. We include WebAuthN in this category.
- Central Directory: These are mostly business-oriented solutions, like Microsoft’s Active Directory of RedHat’s version, FreeIPA
| Feature |  | User + Password | Password Manager | Central Directory |
|---|---|---|---|---|
| [tooltips content = “Accounts one one device are available on other devices”]Device synchronization[/tooltips] | ![tick1 9 Best WordPress Table Plugins Compared To Choose [2023]](https://www.wpoven.com/blog/wp-content/uploads/2022/12/tick1.png.webp){kind=small} | ❌ | | *0 |
| [tooltips content = “Temporarily or permanently block all logins from one device”]Device lock[/tooltips] | | ❌ | ❌ | *0 |
| [tooltips content = “List of past logins of the account, independent from the device”]Login history[/tooltips] | | ❌ | ❌ | ❌*1 |
| [tooltips content = “Can you use your username on services from different companies, without registering?”]Federated[/tooltips] | | ❌*5 | ❌ | ❌*2 |
| [tooltips content = “logins happen without you having to input a password”]Passwordless[/tooltips] | | ❌ | *3 | *2 |
| [tooltips content = “Multi Factor Authentication: confirm the login on other devices before being granted access”]2FA[/tooltips] | | ❌*4 | ❌ | |
| [tooltips content = “Instantly detect if the login data has been compied or stolen by hackers”]Theft detection[/tooltips] | | ❌ | ❌ | ❌ |
| [tooltips content = “Let an application to read your bank account, but make it impossible to send money”]Authentication scope[/tooltips] | | *6 | ❌ | ❌ |
| [tooltips content = “What happens if the authentication server is hacked?” ]Rogue Server Protections*7[/tooltips] | | ❌ | *8 | ❌ |
| Feature | | User + Password | Password Manager | Central Directory |
*0 You can’t actually do this on your own, you need the AD server administrator, but we are going to be nice to our competitors and count it anyway
*1 Feature is available to the server administrators only. It could be exposed, but no service does this
*2 AD/FreeIPA could be federated, but does not include discovery so every server should have the complete list of all AD domains
*3 copy-paste, autofill count as passwordless
*4 2FA can be done, but is different and nonstandard for every service
*5 OpenID Connect technically has discovery (and therefore federation), but even though it’s a 2014 standard nobody uses it this way and many libraries have broken discovery (both server and service side)
*6 OAuth does provides authentication scope, but it is much more static and difficult to change than with Fenrir
*7 A Rogue Server is a server that is malicious or has been hacked.
*8 Only in the WebAuthN case, since it does not require additional authentication servers.