Did you know that even after more than 40 years of IT innovations, passwords are still the most widely used authentication method? To understand why it is so important to improve authentication methods (including passwordless authentication) in the organization, here are some cyber security stats that everyone must know:
- At least 65% of people reuse passwords across multiple sites.
- About 80% of data breaches in 2019 were caused by password compromise.
- Compromised passwords are responsible for 81% of hacking-related breaches.
Most organizations still use traditional passwords as their core authentication method. Attackers can guess or steal credentials and gain access to sensitive information and IT systems using a variety of techniques, including:
- Brute force methods.
- Credential stuffing.
- Phishing.
- Keylogging.
- Man-in-the-middle attacks.
Password replacement options can help organizations provide convenience and ease of use without high security risks. Ideally, with passwordless authentication, you can have an ecosystem of authentication that meets the organizational needs of high security and privacy, usability, and interoperability among different authentication devices.
What’s Passwordless?
According to the Secret Security Wiki, passwordless authentication is “any method of verifying the identity of a user that does not require the user to provide a password.” Passwordless authentication is a type of multi-factor authentication (MFA), but one that replaces passwords with a more secure authentication factor, such as a fingerprint or a PIN. As an example, using facial recognition instead of a password is one way to achieve passwordless authentication.
Passwordless Benefits
The main advantage of this method of authentication is security. Below are some other key benefits:
- Users do not have to remember complex passwords (numbers, letters, and special characters) to log in.
- Users do not spend much time logging in.
- Passwordless authentication is simple to implement.
Using passwordless authentication can help:
- Reduce stolen credentials: phishing, keyloggers, and insecure sharing.
- Decrease external exposure: brute force.
- Lower the reuse of passwords.
- Reduce weak passwords.
Microsoft offers solutions based on platform, hardware, or software that you can try out today and map to your passwordless authentication requirements.
Passwordless authentication options for Azure Active Directory
Each organization has different needs when it comes to authentication. Microsoft offers the following three passwordless authentication options that integrate with Azure Active Directory:
- Windows Hello for Business
- Microsoft Authenticator app
- FIDO2 security keys
Windows Hello for Business
Windows Hello for Business replaces passwords with strong multi-factor authentication on Windows 10 platforms, including PCs and mobile devices. This authentication consists of a new type of user credential that’s linked to a device and uses a biometric or PIN. Windows Hello for Business provides a convenient method for seamlessly accessing corporate resources on-premises and in the cloud.
Microsoft Authenticator app
The Microsoft Authenticator app enables users to verify their identity and authenticate to their work or personal account. Microsoft Authenticator can be used with a one-time passcode or push notification. The app can also be used to verify multiple factors and replace the need for a password. When passwordless is enabled, instead of encountering a password prompt after entering a username, users get a push notification to verify presence. In the app, users confirm their presence by matching a number on the sign-in screen, then providing a face scan, fingerprint, or PIN to unlock the private key and complete the authentication.
FIDO2 security keys
FIDO2 is an evolution of the U2F open authentication standard based on public key cryptography using hardware devices. This standard is intended to solve multiple user scenarios, including strong first-factor (passwordless) and multi-factor authentication. With these new capabilities, a security key can entirely replace weak static username/password credentials with strong hardware-backed public/private-key credentials. Microsoft has been working with partners to ensure FIDO2 security devices work on Windows, the Microsoft Edge browser, and online Microsoft accounts, to enable strong passwordless authentication.
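To show why a public/private-key credential resists the phishing and credential-reuse problems listed earlier, here is an added example (not from the original article, and not Microsoft or FIDO Alliance code) that models a FIDO2-style sign-in in Node.js. It is a simplified model, not the WebAuthn message format; the origin `https://login.example.com`, the function names and the JSON layout are assumptions made for illustration.

```javascript
const nodeCrypto = require("node:crypto");

const RP_ORIGIN = "https://login.example.com"; // constructed relying-party origin (assumption)

// Registration: the authenticator creates a key pair; only the public key is sent to the server.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { authenticator: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge per sign-in attempt, remembered until it is used once.
function newChallenge(pending) {
  const challenge = nodeCrypto.randomBytes(32).toString("hex");
  pending.add(challenge);
  return challenge;
}

// Authenticator: sign the challenge together with the origin the browser is actually on.
function signAssertion(authenticator, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign("sha256", Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature };
}

// Server: check the signature first, then the origin, then consume the challenge.
function verifyAssertion(serverRecord, pending, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!nodeCrypto.verify("sha256", data, serverRecord.publicKey, assertion.signature)) return "bad-signature";
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (origin !== RP_ORIGIN) return "wrong-origin";
  if (!pending.delete(challenge)) return "unknown-or-replayed-challenge";
  return "ok";
}

// Constructed scenario: a normal sign-in, a replay of it, and an assertion made on a look-alike origin.
function demo() {
  const { authenticator, serverRecord } = register();
  const pending = new Set();
  const good = signAssertion(authenticator, newChallenge(pending), RP_ORIGIN);
  const first = verifyAssertion(serverRecord, pending, good);
  const replay = verifyAssertion(serverRecord, pending, good);
  const relayed = signAssertion(authenticator, newChallenge(pending), "https://login.example.net");
  const phished = verifyAssertion(serverRecord, pending, relayed);
  const edited = { ...relayed, clientData: relayed.clientData.replace("example.net", "example.com") };
  const tampered = verifyAssertion(serverRecord, pending, edited);
  return { first, replay, phished, tampered };
}

console.log(demo());
```

The server stores only a public key, so nothing in its database can be replayed as a credential, and an assertion captured on another origin or reused later is rejected.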
How to implement passwordless authentication
VNEXT understands that every organization is different and has different challenges and business needs. We can help you securely modernize the authentication process in your organization, so if you’d like to learn more, reach out to us here with any questions or requests for help.