For enterprise IT departments, nothing costs more than password support and maintenance. It is common practice for IT to attempt to reduce password risk by requiring stronger password complexity and demanding more frequent password changes. However, these tactics drive up IT help desk costs while also contributing to poor user experiences related to password reset requirements. Most importantly, this approach isn’t enough for current cybersecurity threats, and doesn’t deliver on organizational information security needs. 81% of hacking-related breaches used either stolen or weak passwords [1].
The reasons to eliminate authentication systems using passwords are compelling and all too familiar to every enterprise IT organization. But how do you do it?
Today, companies are moving toward password-less authentication using multi-factor authentication (MFA) with technologies like biometrics, PINs, and smart cards, and devices that your employees already use, such as smartphones, webcams and security keys.
Here are the key considerations for implementing password-less authentication into your MFA strategy:
- Understand Password Risks: Analyze the current state of your environment to see how bad passwords are being used, and evaluate the ways in which eliminating passwords will be beneficial for your organization.
- Choosing the right technology: Develop password-replacement offerings with a new set of alternatives that address the shortcomings of passwords while embracing their positive attributes. This early stage is about implementing an alternative and getting users acquainted with it. Microsoft offers solutions based on platform, hardware or software that you can try out today, and map with your password-less authentication requirements.
  - Windows Hello for Business replaces passwords with strong multi-factor authentication on Windows 10 platforms, letting you sign in with your face, iris scan, fingerprint or PIN. It enables you to authenticate users on enterprise applications, content and resources without storing a password on your device, or in a network.
  - Microsoft Authenticator App allows users to verify their identity and authenticate to their personal or work accounts. You can leverage Microsoft Authenticator to augment a password with a push notification or one-time passcode. You can also use the app to verify multiple factors and replace passwords entirely.
  - FIDO2 standard solves password problems in multiple user scenarios, including strong first factor and multi-factor authentication. Microsoft works with partners to ensure FIDO2 security devices work on Windows, the Microsoft Edge browser and online Microsoft accounts, to enable strong password-less authentications.
- Understanding how it works: Get to know how password-less technologies overcome security challenges and reduce the user-visible password-surface area. Adopting these technologies means upgrading experiences related to the lifecycle of a user’s identity—including provisioning of an account, setting up a brand-new device, using the account/device to access apps and websites, and enacting recovery. To learn more about the technical and deployment guidance behind Microsoft Password-less technology implementation, access the full webinar here.
- Increasing user adoption: Simulate a password-less world—that is, enable end users and IT admins to replicate the approach in a test environment and transition into a password-less world with confidence. This simulation should encourage a cultural shift within the organization, getting users comfortable with the idea of never typing, changing, or even knowing a password going forward.
Many corporations have begun their journey to realize a password-less world. To learn more about making the leap into the future with your own company, read about Lululemon’s journey to implement Azure AD, or read about how Microsoft has deployed Windows Hello for Business.
For support when getting your own organization started, try FastTrack for Microsoft 365, which provides end-to-end guidance to set up your security products. FastTrack is a deployment and adoption service that comes at no charge with your subscription. Get started here.
[1] Verizon 2017 Data Breach Investigations Report