Passwordless Authentication: benefits, challenges and deployment options

Poor password hygiene remains a key security weakness for many businesses. All employees know that a password should be long, complex, unique and never shared with anyone. Although this is simple in theory, in practice it can be difficult to remember a new complex password for every application or system. For this reason, it is common for employees to re-use passwords, or opt for a simple, easy-to-remember password. This is worrying, as a single user with a simple password may be the cause of a major cyberattack.

The introduction of multi-factor authentication has greatly reduced this risk; however, it has come at the cost of convenience for users. The adoption of passwordless authentication aims to increase security, whilst providing a better user experience. In this article we will discuss the benefits, challenges and use cases for passwordless authentication.

What is Passwordless Authentication?

Passwordless authentication is a method of multi-factor authentication that negates the need for passwords. This is achieved through systems that verify a user’s identity using something they are (such as biometrics), or something they have (such as a mobile device or security key). When the user requests access to an application or system, a new authentication request is generated. The user does not need to enter a password, and no password is stored within the platform, so there is nothing for a cybercriminal to steal or phish.
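
The login flow described above, as an added example that is not from the original article or from any Microsoft or FIDO2 product: the server keeps only a public key, issues a fresh challenge for each login, and rejects replayed signatures. It goes one step beyond the text by binding the signature to the site's origin, which is how FIDO2-style credentials resist phishing; the function names and the origin are hypothetical.

```javascript
// Added illustration of passwordless login as public-key challenge-response.
// Function names and ORIGIN are hypothetical; this is not a real FIDO2/WebAuthn API.
const crypto = require('node:crypto');

const ORIGIN = 'https://login.example.test'; // constructed relying-party origin
const credentials = new Map(); // server: username -> public key only
const pending = new Map();     // server: username -> outstanding challenge

// Enrolment: the key pair is created on the user's device and only the
// public half is sent to the server, so the server holds nothing secret.
function registerDevice(username) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  credentials.set(username, publicKey);
  return { privateKey }; // stays on the device (security key, phone or laptop)
}

// Server: each login attempt gets a fresh random challenge.
function startLogin(username) {
  const challenge = crypto.randomBytes(32).toString('base64url');
  pending.set(username, challenge);
  return challenge;
}

// Device: after the local PIN or biometric check, sign the challenge together
// with the origin the browser is actually connected to.
function deviceSign(device, challenge, originSeen) {
  const payload = Buffer.from(JSON.stringify({ challenge, origin: originSeen }));
  return crypto.sign(null, payload, device.privateKey);
}

// Server: accept only a signature over the outstanding challenge and its own
// origin. The challenge is consumed first, so a captured response cannot be replayed.
function finishLogin(username, signature) {
  const challenge = pending.get(username);
  pending.delete(username);
  const publicKey = credentials.get(username);
  if (!challenge || !publicKey) return false;
  const payload = Buffer.from(JSON.stringify({ challenge, origin: ORIGIN }));
  return crypto.verify(null, payload, publicKey, signature);
}
```

A signature produced for a lookalike origin, or one captured from an earlier login, fails verification because the server rebuilds the signed payload from its own origin and the currently outstanding challenge.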

3 benefits of passwordless authentication

1: Improved user experience

For employees, having to remember multiple long, complex passwords can be a frustrating experience. Similarly, a poorly implemented multi-factor authentication solution can feel like a waste of time, especially if it is required for all applications. With passwordless authentication, the user experience is greatly improved, with no need to remember passwords. If passwordless authentication is implemented in Azure Active Directory with Single Sign-On enabled, employees can log in once to have access to all the applications and services they use on a daily basis.

2: Increased security

If a cybercriminal gains access to an employee’s password, they can use the compromised account to access company data or launch another attack. With passwordless authentication this route is closed, as it is not possible for a cybercriminal to steal biometrics from an individual. Similarly, as there is no password, phishing attacks are no longer a viable method of account compromise.

3: Save time and money

IT teams spend a significant amount of time resetting employees’ forgotten passwords. With passwordless authentication, there is no password to forget or to reset. This allows IT teams to spend more time focusing on optimising current use of technology within a business and ensures that employees do not lose access to critical IT systems whilst working.

Challenges

Ultimately, businesses will benefit from implementing a passwordless authentication solution; however, they may run into some challenges along the way. The main challenge of passwordless authentication is the deployment process. If a business does not have experience with the technology, or visibility of all the applications and services employees use, deployment can become difficult and complex. Fortunately, there are tools and support available to help you successfully deploy a passwordless authentication solution.

Deployment options

Windows Hello for Business

Windows Hello for Business is an option that utilises two-factor authentication with a PIN and biometric authentication. The biometric authentication works by using pre-existing hardware on an employee’s work device. This may include either a fingerprint scanner, or facial recognition using the in-built camera. This method is more secure and convenient than a traditional password as it uses multi-factor authentication, and the biometric authentication only requires the user to touch a sensor or look into their camera. However, this method will not work if the employee’s device does not have a fingerprint scanner or in-built camera.

Microsoft Authenticator App

The Microsoft Authenticator app is another method of passwordless authentication that uses either biometrics or a PIN, similar to Windows Hello for Business. This option requires users to have the Microsoft Authenticator app installed on their Android or iOS device. When the user reaches the login screen and enters their username, a push notification will be sent to their phone, opening the Microsoft Authenticator app. They then either enter a PIN or use their phone’s native biometric features. This method works particularly well for businesses that already use the app for multi-factor authentication.

FIDO2 Security Keys

FIDO2 security keys are physical devices that work similarly to a key for a car or house. The keys come in many form factors, including USB devices, an NFC chip or a Bluetooth device. With this option, an employee must connect the device and they will be automatically logged in. This method is typically used by businesses that are particularly security sensitive or have employees that would rather not use biometrics or their phone for authentication.

Passwordless authentication is becoming more commonplace in businesses looking to improve their security posture, whilst creating a better experience for their employees. If you have any questions about taking the next step to a passwordless future, please get in touch. 

Cloud Business Limited
8 North Street
Guildford
GU1 4AF

2023 © Cloud Business Limited
Registered Company in England and Wales 06798438