Passwordless that just works

Passwordless 1FA Authentication for Linux

Introduce 1FA passwordless authentication with decentralized credentials using AuthNull.

FIDO2 verified · PAM session · Biometric verified · no password required · TTL 4h · active

Passwordless logon for Active Directory accounts

Enable passwordless 1FA for Active Directory authentication. Works for Windows and Linux authentication.

Passwordless for Service Accounts

Detect and protect unprotectable service accounts by introducing 1FA passwordless, or Delegated M2M authentication without human intervention.

Coming soon

Passwordless for Apps

Launching soon — passwordless for your OIDC apps. Configure, issue and authenticate with OIDC / SAML2 apps with passwordless.

Passwordless — How does it work?

FIDO2 / biometric auth
No password vault needed
SSH + sudo protection
AD + local account support
Service account M2M
Breakglass access
HOW IT WORKS

From install to passwordless in under an hour

01. Install the AuthNull PAM module

A single package install drops the AuthNull PAM module onto your Linux host. No firewall changes, no infrastructure rework.

02. Configure your authentication policy

Choose between 1FA passwordless, MFA, or Delegated M2M for service accounts. Policies are applied per user, group, or machine.

03. Users enroll their device

Users register a FIDO2-compatible device or biometric once. After that, SSH and sudo require no password — ever.

04. Every session is audited

All authentications are logged with full context. Session recording captures what was run and when.

SSH WITHOUT PASSWORDS

Drop-in passwordless SSH for every Linux host

AuthNull replaces SSH password prompts with cryptographic biometric authentication. No shared keys to rotate, no passwords to leak — just a tap on your enrolled device.

FIDO2 and biometric authentication
Users authenticate with their device's biometric sensor or a hardware security key. No credential to steal or guess.

Works agentlessly or with the PAM module
Deploy the lightweight AuthNull PAM module for full control, or use the agentless mode for read-only environments.

SSH — Passwordless Session

user@workstation:~$ ssh prod-server-01
Authenticating with AuthNull...
✓ Biometric verified — no password required
Session recorded · TTL: 4h
user@prod-server-01:~$ _

PAM module: active
Credential type: decentralized / FIDO2
Password vault: not required

PAM MODULE

One module secures SSH, sudo, and local login

The AuthNull PAM module plugs into the Linux authentication stack to protect SSH sessions, sudo commands, and console logins — all from a single configuration.

Active Directory and local accounts
AuthNull supports both AD-joined Linux machines and machines with only local user accounts, with no account syncing required.

Breakglass support for emergencies
Configure a breakglass policy so that administrators can recover access in an emergency, with a full audit trail of every use.

AuthNull PAM Configuration

/etc/pam.d/sshd

auth sufficient pam_authnull.so
auth required pam_unix.so nullok

✓ Active Directory lookup enabled
✓ Local user fallback enabled
✓ Breakglass mode: configured
✓ sudo protection: active

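The control flags in the /etc/pam.d/sshd lines above decide what happens when pam_authnull.so does not succeed. The following is an added example, not AuthNull's code: it models standard Linux-PAM control-flag semantics in simplified form and audits the page's two lines next to a constructed variant. The function names and the pam_deny.so variant are assumptions made for illustration.

```python
# Added example: simplified Linux-PAM model; [value=action] and include lines not modelled.
PAGE_STACK = """\
auth sufficient pam_authnull.so
auth required pam_unix.so nullok
"""
# Constructed variant (an assumption, not vendor guidance): no password fallback.
NO_FALLBACK_STACK = """\
auth sufficient pam_authnull.so
auth required pam_deny.so
"""

def parse(text, group="auth"):
    """Return [(control, module, args)] for one management group."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0].lstrip("-") == group:
            rules.append((fields[1], fields[2], fields[3:]))
    return rules

def evaluate(rules, outcome):
    """outcome maps module -> True/False; returns whether the stack grants access."""
    failed = granted = False
    for control, module, _ in rules:
        ok = outcome[module]
        if control == "sufficient" and ok and not failed:
            return True               # stack ends here with success
        if control == "requisite" and not ok:
            return False              # stack ends here with failure
        if control in ("required", "requisite"):
            granted, failed = granted or ok, failed or not ok
        # a failed "sufficient" and any "optional" result are ignored here
    return granted and not failed

def audit(text):
    """List ways a password alone can still satisfy the auth stack."""
    rules, findings = parse(text), []
    only_unix = {m: m == "pam_unix.so" for _, m, _ in rules}
    if any(m == "pam_unix.so" and "nullok" in a for _, m, a in rules):
        findings.append("nullok: pam_unix.so permits accounts with an empty password")
    if evaluate(rules, only_unix):
        findings.append("fallback: pam_unix.so alone grants access")
    return findings

if __name__ == "__main__":
    for name, stack in (("page", PAGE_STACK), ("constructed", NO_FALLBACK_STACK)):
        print(name, audit(stack))
```

With the page's stack, a password accepted by pam_unix.so still completes authentication when pam_authnull.so does not succeed, which is the local fallback the panel lists; the constructed variant removes that path and the fallback with it.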
FULL ACCOUNT COVERAGE

Human users, service accounts, and root — all covered

AuthNull gives you a unified view of every account on your Linux fleet — human users go passwordless, service accounts use Delegated M2M, and privileged local accounts get breakglass protection.

Service account M2M delegation
Protect unmanageable service accounts with Delegated M2M authentication — no human in the loop, no static credentials.

Full audit log across all account types
Every authentication event, for every account type, is logged with user, timestamp, machine, and session context.

AuthNull · Linux Account Coverage

alice · AD User · passwordless
svc-deploy · Service Account · M2M delegated
root · Local · breakglass
ci-runner · Service Account · M2M delegated

All authentications logged · session recording on

Get in Touch

Meet with our team to explore passwordless 1FA for Linux — see how AuthNull eliminates passwords across SSH, sudo, and service accounts.

Protect your legacy and modern infrastructure
Roll out passwordless quickly and easily
Leverage our AI co-pilot to help reduce the operational burden