Moving to Passwordless Authentication, Part 2
Part 2: The Challenges
This is the second installment in a two-part blog series focused on moving to passwordless authentication. In the first installment of the blog series, we examined why organizations would want to move to passwordless authentication. In part 2, we examine the challenges in doing so. As we said in part 1, more information can be gained by reading our Guide to Passwordless Authentication.
The primary challenge in moving to passwordless authentication is managing credentials. Credentials management can be complex, both for IT professionals and for end-users, due primarily to legacy issues caused by existing identity and access management (IAM) systems and their use of passwords for authentication. For IT professionals, there are three primary challenges of credentials management:
- Too many systems – Credentials can be spread across several systems, which can be expensive and time-consuming to maintain. In fact, employees frequently have more than 190 different passwords to log in to the applications and systems they use every day, which only adds to the complexity of managing credentials.
- Too few resources – Many credentials require different enabling technology in order to work. For example, implementing FIDO, PKI or OTP for extra security can require expertise in a variety of technologies. This can be difficult for IT personnel when they lack expertise in these technologies.
- Too much risk – On- and off-boarding, or deprovisioning credentials when employees depart, are major risks because overworked IT departments often are slow to decommission credentials or don’t remove them at all. Studies show that 10% or more of employees can access their former employer’s data after leaving. This means they can take a variety of sensitive data after leaving their place of employment, ranging from intellectual property, to customer lists, to more harmless-sounding but important items like presentations and spreadsheets for “formatting” or other purposes.
IT complexity challenges are only half the equation when talking about credentials management. End users also have some fundamental questions, which include:
- Do I have to use all these platforms? – Switching between different software platforms to issue and manage credentials can be confusing and difficult to track. Passwordless solutions that work with existing platforms simplify this challenge by enabling end users to have a single place to manage their credentials. This “one and done” capability takes much of the pain out of credentials management for end users.
- How do I renew? – Credentials need to be periodically renewed or replaced, which can be a challenge for end users when they have to do so across multiple platforms. Similar to the bullet above, a passwordless solution should simplify the end-user experience by giving them a single source for renewing or otherwise changing their credentials.
- When can I get back to work? – If a credential gets lost or expires, employees are locked out of their systems until IT resets things. This is one of the main reasons why passwords can be so expensive: employees sit idle waiting for their new credentials, and IT spends a great deal of time resetting them. A passwordless solution that provides end-user self-service for resetting passwords reduces or even eliminates the time end users must wait for IT help desks to resolve password-related issues. This enables them to be more productive while enabling IT help desk personnel to focus on more strategic issues.
Consolidating Credentials Management
The issues outlined above, both for IT and end users, are where many journeys to passwordless hit a wall. Deploying new credentials for passwordless and encouraging employees to adopt best security practices can be difficult. This becomes worse when the credentials are spread out across multiple IAM platforms.
These problems can be overcome by bringing all credentials under a single passwordless platform. The goal is not only to be more secure, but also to simplify the environment. Consolidating credentials management on a single passwordless platform makes credentials management easier and enables employers to avoid the common pitfalls of moving to passwordless authentication.
Such a solution improves overall security by enabling organizations to integrate existing credentials and to ensure they are authenticating every user, machine, and device on the network. This helps to ensure that only authorized people or machines are on the network – thereby greatly improving security. It also lets end users have a single authentication platform to use, rather than managing credentials across multiple systems.
This takes pressure off the IT team by streamlining credential management, saving time, and encouraging best practices among employees. Employees, in turn, are empowered by having just one platform to think about when updating or managing credentials, which reduces IT help-desk calls and spares them authentication-related delays.
Moving to passwordless authentication, or what we like to call passwordless orchestration, with a consolidated solution can enable organizations to overcome the IT and employee challenges associated with traditional credentials management. With Axiad’s platform Axiad Cloud, organizations can simplify the lives of their employees and IT personnel while increasing their overall cybersecurity posture. To learn more, see our Guide to Passwordless Authentication.