1Kosmos tops KuppingerCole 2026 passwordless ranking
1Kosmos has been named Overall Leader, Product Leader and Innovation Leader in the 2026 KuppingerCole Leadership Compass for Enterprise Passwordless Authentication, after an assessment of 26 vendors.
KuppingerCole evaluated suppliers on product capability, innovation and market execution. The report highlighted 1Kosmos for combining FIDO2-certified authentication with integrated identity proofing, covering both initial onboarding and ongoing sign-in.
Passwordless authentication has become a priority for many large organisations as phishing and credential theft continue to drive account compromise. Security teams are also managing complex access patterns, including contractors and partners who use unmanaged devices and connect from outside corporate networks.
In its assessment, KuppingerCole pointed to 1Kosmos's emphasis on identity assurance and device-centric security. This approach ties authentication to a verified identity and a trusted device state, rather than relying on a password and one-time code.
Guillaume Teixeron, Senior Analyst at KuppingerCole, described the platform's positioning in the enterprise market.
"What separates 1Kosmos in enterprise passwordless authentication is its ability to combine identity-bound verification with strong device trust in a single platform," said Teixeron. "This approach helps organizations reduce phishing risk, strengthen access controls for workforce and partner scenarios, and modernize authentication without adding operational complexity."
Platform scope
1Kosmos markets its platform for workforce and business-to-business use cases, including employee access to corporate applications and partner access to shared environments. It also positions the product around identity verification for onboarding and account recovery, alongside passwordless sign-in.
The report cited the platform's use of FIDO2-certified authentication and integrated identity verification aligned with NIST Identity Assurance Level 2 and Authentication Assurance Level 2-common reference points for remote identity proofing and strong authentication requirements.
KuppingerCole also highlighted device lifecycle and trust management, including posture checks and integration with unified endpoint management tools. These features are designed to inform access decisions based on the condition of a user's device, such as security configuration and compliance status.
Integration with established identity and access management environments remains a key procurement requirement for large organisations. The report referenced support across common enterprise systems, including Microsoft Entra ID, Active Directory, VPNs, VDI environments and legacy applications. It also cited SAML, OpenID Connect and SCIM for interoperability and provisioning workflows.
Risk signals
Alongside passwordless sign-in, KuppingerCole drew attention to 1Kosmos's approach to risk-based controls, highlighting an adaptive risk engine that evaluates contextual and behavioural indicators.
The indicators cited include device posture, location, IP reputation, geo-velocity and time-based anomalies. The report said these inputs feed dynamic risk scoring and policy enforcement, with options such as step-up authentication and transaction signing.
Security buyers have increasingly pushed suppliers to pair strong authentication with continuous risk evaluation. Many organisations also require recovery mechanisms when devices change or are lost, since passwordless schemes often shift the burden from memorised secrets to device possession and identity verification.
The report also cited 1Kosmos's privacy-preserving approach, including decentralised identity storage, reflecting a broader market trend toward limiting centralised retention of sensitive personal data.
Executive view
Hemen Vimadalal, CEO of 1Kosmos, framed the recognition as part of a wider shift in how organisations view passwordless deployments.
"Enterprises are moving beyond simply eliminating passwords, they need verified identity that strengthens security without introducing workforce friction," said Vimadalal. "Our platform reduces phishing risk, prevents account takeover, and extends secure access to employees and partners across managed and unmanaged devices. By combining passwordless with device trust and identity assurance, customers can modernize access while improving user experience and reducing identity-related risk."