5 Reasons Why You Need to Combat Phishing and Drive to Passwordless Authentication
As the corporate world gradually awakens to the security dangers of relying on easily stolen and shared passwords, alternative security systems have taken the spotlight. Phishing is the #1 source of breaches by a large margin, resulting in credential compromise and subsequent abuse by would-be attackers.
Secondly, it is no secret that most organisations aspire to minimise reliance on the password, which is no longer seen as a viable security mechanism. The user experience falls prey to many pitfalls, with users sharing passwords, forgetting them, locking them and having to remember sometimes dozens of different ones. Despite this conundrum, passwords remain the most common method of authentication for most organisations.
Technology has evolved significantly in recent years, with a range of capabilities that give organisations the means to use biometric authentication (such as TouchID) and hardware-based devices, all intended to drive down the use, and therefore the risk, of passwords. One aspect of this is an easy “tap and go” device that uses modern security protocols to verify the user when protecting applications, eliminating the risk of phishing and replacing the password entirely.
This capability is referred to as “FIDO” and here are five reasons why FIDO can offer a phishing-free and passwordless experience for your organisation:
User Experience (UX): Passwordless authentication means no tricky and often complex array of memorised passwords. Removing passwords from the picture means users no longer have to cater to sometimes bizarre password rules and then be expected to remember them all. Nor do they have to type them in every time they log on or deal with the arduous “Forgot My Password” process.
Better Security: FIDO is a standard built from the ground up to eliminate the possibility of the classic “man in the middle” attack, which is the most commonly used exploit in existence to “phish” passwords. We all know that passwords are a major vulnerability when used to protect sensitive data, including in popular SaaS applications such as Office 365. Loop Secure’s authentication partner, RSA, certainly agrees with this assessment. There is no debate about it: passwords exist in a world where phishing tools are commonplace, and other attacks include “credential stuffing”, password spraying and other types of so-called brute force attacks.
Reduction in Total Cost of Ownership (TCO): Passwords are expensive; they require constant maintenance from IT staff, who have to update systems when users change their passwords, and they need to be changed on a regular basis. The time it takes to reset passwords and configure password systems, together with lost productivity, has been estimated to cost organisations nearly $2 million per year based on an enterprise with up to 10,000 employees. Furthermore, almost no organisation factors in the cost of a potential breach when making purchase decisions, and to be blunt, the global financial cost of breaches adds up to billions.
IT Gains Control and Visibility: When using a security platform to protect sensitive data, wherever it may exist, IT gains a dimension of visibility into the use (and misuse) of credentials when users access that data. Secondly, when passwordless FIDO authentication is deployed, there is nothing left to phish, share, or reuse. The user is no longer the wild card in an organisation’s access scheme and IT is at the forefront of the first attacks.
Increased Worker Productivity: Eliminating password resets means increased employee productivity. When a staff member can’t access their application or data because of an untimely password issue, this creates a bottleneck and a backlog of work. A seemingly minor task like resetting a password can take much longer than anticipated, up to many hours in the day, while the staff member waits for IT support to get back to them. Secondly, the security control is no longer the barrier between the employee and their work: they simply tap a button and off they go, driving up productivity substantially while remaining highly secure.
So how do you get to the passwordless future?
Passwordless authentication is already quite common on many FIDO devices, which includes the potential to use an on-board fingerprint reader (just like your iPhone). These solutions exist right now. Loop Secure has recently partnered with RSA SecurID, their FIDO capability, and Yubico (the most popular manufacturer of FIDO keys, called the YubiKey) to allow for integrated IAM and passwordless authentication for all users, in particular on the Microsoft O365 stack.
To learn more, sign up for our upcoming webinar on September 8th -- How to get to passwordless authentication: bridging the gap between high-secure and low friction identity management for Cloud, Hybrid and O365 environments