News

Passwordless made simple with user empowerment

  • Bassam Al-Khalidi--www.securitymagazine.com
  • published date: 2021-11-22 00:00:00 UTC

None

<div class="body gsd-paywall article-body"> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">You must’ve heard it dozens of times by now: passwords are not secure enough to protect business data. But everyone mentions alternatives to passwords as if uprooting your current identity authentication system is a piece of cake.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">While your IT team might appreciate the switch towards a more advanced and secure method of protection, the majority of employees may struggle with the transition to a more technical security system, especially when this requires multiple new identity credentials.</span></p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Instead of limiting the discussion of the new system to the needs and expectations of your IT team, it’s best to map out the process all users would have to go through. This inclusive approach would allow you to understand the complexities of the implementation process and present solutions that limit them.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">There’s no need to go in blind. Learn from other enterprises and how they managed to smoothly transition their employees to passwordless. You could even test it out with a group of both technical and non-technical employees to get to know your own unique situation and reach a user-centric solution to any issue that may arise.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The Struggles of Going Passwordless</span></strong></p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">It’s safe to say that all systems, cloud environments, and applications come pre-equipped with password protection, and most support a form of MFA. Passwordless authentication, while popular, isn’t as mainstream as traditional passwords. While relying on passwordless authentication is both easier and safer for IT and end users, the transitional period is everything but. That’s especially the case if it was thrust upon employees with an unreasonably short timeline to adjust.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Keeping passwords secure is common knowledge; make it random, make it long, keep it hidden, and change it regularly, but that doesn’t make it easy. Losing a password or having it expire can often mean a long wait while the IT department gets it fixed. All the while, employees are locked out of their accounts and can’t work.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">That’s not to say relying on passwordless is completely hassle-free. Losing a passwordless login token, for instance, could spell disaster if it weren’t reported missing in time. But you’re more likely to notice missing a physical login key than realizing someone now has access to your password. Not to mention, with a proper passwordless tracking system, missing tokens can immediately be disabled to prevent any unauthorized individuals from accessing the system remotely.</span></p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Passwordless authentication methods come in a variety of shapes and sizes, which can be puzzling for the average, non-technical user. If employees aren’t used to maintaining multiple credentials they need to issue, manage, and keep track of, moving a considerable portion of the company’s security system onto their shoulders overnight would create more problems than it solves.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Understanding the Difficulties From a Non-Technical Perspective</span></strong></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">When implementing a new technical system, the first step for most is to consult with their IT and security departments. After all, that’s what they’re here for. But unlike other technical systems, passwordless authentication isn’t exclusive to your IT staff. Everyone who works at your organization would end up using it to some degree.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Passwords are straightforward. Although they’re annoying to create and remember, they’re tried and tested, and employees at all levels of technical skills are able to use them with confidence. For a transition as seamless as possible towards passwordless, sometimes you’ve got to blur the line between IT and other departments. Simply throwing alternative login methods at employees with little to no guidance is a sure recipe for disaster.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Empowering Your Employees</span></strong></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">It’s easy to brush off employee empowerment as a workplace fad that has no merit. However, a 2018 survey that included over 12,000 employees from 12 countries around the world found the exact opposite. </span><a href="https://www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/https:/www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">Fifty-eight percent of employees</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> at technologically-late companies had negative feelings towards their employers. By limiting employee access to company-centric technology, most employees responded by not communicating their actions with IT as often as they should.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Dissatisfied employees were also more likely to find workarounds to the company system limitations instead of communicating their needs. Even with a strong password-based system, employees tend to resist certain time and energy-consuming security policies. On average,</span><a href="https://www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/https:/www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;"> 35% of employees</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> don’t comply with MFA procedures, and </span><a href="https://www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/https:/www.unisys.com/news-release/new-digital-workplace-divide-unisys-study/" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">26</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">% of them disregard password managers altogether.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">IT leaders and admins need to prioritize passwordless technology that offers self-service options for users. By providing employees with a degree of autonomy and control in the workplace, they’re more likely to feel appreciated and trusted in the work they’re doing and the organization as a whole.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Facing the Reality of Multiple Credentials Head-On</span></strong></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">The average employee juggles anywhere from 70 to </span><a href="https://www.darkreading.com/endpoint/average-employee-manages-nearly-200-passwords" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">200 login credentials</span></a>, <span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">making forgotten or expired passwords inevitable. And just because they’re passwordless, it doesn’t mean these new credentials are easier to manage and keep track of. Even if employees manage to overcome the technical difficulties of upgrading tech, their ability to log in is still at the mercy of a credential managing and renewing system. With every new credential, they gain yet another management platform, which can be time-consuming and confusing to switch between.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Oftentimes, employees find themselves locked out of their accounts because their credential has expired. </span><a href="https://issuu.com/axiad/docs/2021-remote-workforce-security-report-axiad-finalhttps:/issuu.com/axiad/docs/2021-remote-workforce-security-report-axiad-final" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;">Fifty-two percent of employers</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> reported that their employees regularly found workarounds in their security system to cut back on wait time with IT. While that may allow them to get back to work asap, it’s far from ideal. Since passwords are all of the same nature, managing them and changing them regularly doesn’t take much effort. It can even be delegated to the user themselves to save the IT department some time and resources.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Switching to a passwordless security system should also mean adopting a centralized credential management system. One that allows employees to easily take charge of all their credentials</span><a href="https://www.axiad.com/passwordless-authentication" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;" target="_blank"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt; color: #4a6ee0;"> in one place</span></a><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"> with streamlined issuance of new credentials and management and renewal of existing ones.</span></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><br></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><strong style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">Include Employees in the Transition</span></strong></p><p style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;"><span data-preserver-spaces="true" style="color: rgb(14, 16, 26); margin-top:0pt; margin-bottom:0pt;">When it comes to security, users are just as valuable as managers and administrators. IT leaders need to implement passwordless with both the business’s security and user experience in mind. The implementation process needs to be gradual and transparent with the end goal of empowering users with self-service and automated options and reducing unnecessary interactions with IT always in sight.</span></p></div>