EN Except for Fenrir, we can divide the current authentication methods in 3 different families:
- User+Password: This can be your standard user and password login, but we include also anything based on OpenID(legacy, connect) or OAuth(1, 2). Just to try to give our competitor some advantage, if any one has the feature we want, we will count it as all of them having it.
- Password manager: This can be a layer on top of user+password. Basically we have a program that will save the passwords for us, and we either copy-paste them or the program copies them for us. Bitwarden, 1Password, Lastpass fall in this category. We include WebAuthN in this category.
- Central Directory: These are mostly business-oriented solutions, like Microsoft’s Active Directory of RedHat’s version, FreeIPA
| Feature |  | User + Password | Password Manager | Central Directory |
|---|---|---|---|---|
| Device synchronization | ![tick1 9 Best WordPress Table Plugins Compared To Choose [2023]](https://www.wpoven.com/blog/wp-content/uploads/2022/12/tick1.png.webp){kind=small} | ❌ | | *0 |
| Device lock | | ❌ | ❌ | *0 |
| Login history | | ❌ | ❌ | ❌*1 |
| Federated | | ❌*5 | ❌ | ❌*2 |
| Passwordless | | ❌ | *3 | *2 |
| 2FA | | ❌*4 | ❌ | |
| Theft detection | | ❌ | ❌ | ❌ |
| Authentication scope | | *6 | ❌ | ❌ |
| Rogue Server Protections*7 | | ❌ | *8 | ❌ |
| Feature | | User + Password | Password Manager | Central Directory |
*0 You can’t actually do this on your own, you need the AD server administrator, but we are going to be nice to our competitors and count it anyway
*1 Feature is available to the server administrators only. It could be exposed, but no service does this
*2 AD/FreeIPA could be federated, but does not include discovery so every server should have the complete list of all AD domains
*3 copy-paste, autofill count as passwordless
*4 2FA can be done, but is different and nonstandard for every service
*5 OpenID Connect technically has discovery (and therefore federation), but even though it’s a 2014 standard nobody uses it this way and many libraries have broken discovery (both server and service side)
*6 OAuth does provides authentication scope, but it is much more static and difficult to change than with Fenrir
*7 A Rogue Server is a server that is malicious or has been hacked.
*8 Only in the WebAuthN case, since it does not require additional authentication servers.