Don’t let issuing credentials stand in your way to passwordless
By: Nicolas Malbranche
By 2022, Gartner predicts that 60% of global companies will use passwordless solutions to authenticate their users and devices, and 90% of mid-size businesses will. Passwordless is now seen as essential among IT leaders, with 92% of CISOs predicting it’s the future of authentication. Businesses are now searching for alternatives to passwords, as we’ve discussed in previous blogs.
Many of these companies are already off to the races and are implementing new credential types for their workforce to use for their business applications, company devices, office access, and more. There’s currently no “silver bullet” credential to ensure end-to-end security, so businesses need to implement different credentials for different use cases.
These can range from mobile authenticators to YubiKeys or even smart cards. They each usually come with their own management platform, such as an authentication cloud platform, Certificate Authority, or CMS. This is where companies usually begin to run into issues on their journey to passwordless. These platforms are often confusing for your users, each with disparate interfaces and workflows to navigate and remember.
User-centricity is essential to achieve passwordless authentication
When employees use multiple credentials to gain access to their various applications, they often forget credentials, lose them, or struggle to manage each lifecycle. It can be challenging to find the right balance between security and usability – while credentials are essential to protect the remote workforce, users still need to be able to operate effectively.
And what happens if you don’t strike the right balance, and users find it challenging to issue a new credential or update an existing one?
One result could be that they get locked out of their system and need IT’s help to regain access. These credential issues lead to over 40% of users’ help desk calls, and when the help desk is busy it leaves employees locked out of their systems and unable to get on with their tasks. The average employee spends over two hours a week waiting for IT assistance, equating to a day a month wasted when they could be focusing on their essential work. This loss in productivity can dissuade companies from deploying multiple credentials and prevent them from achieving end-to-end authentication security.
Another potential impact leaves your business open to further risk. Often if employees are working on critical projects and run into problems issuing or managing one or more of their credentials, they find workarounds to access their system without following your security protocols or using the correct credentials. In fact, 42% of employees admit to frequently ignoring company policy just to do their job. This puts your security at risk and is a major roadblock on the road to passwordless.
How can you limit this unnecessary downtime each time a user needs to issue or update a credential, or encourage users to follow MFA best practices when they run into problems? You need a solution that makes issuing new credentials so simple that employees can do it in seconds, without IT’s help.
Issuing credentials can be easy with One Click Issuance
In the past, when an employee had to issue a new type of credential, it required them to figure out which software they needed, where they could download it or how to access it, and what steps they had to take to issue the credential. They would then be taken through a multi-step and time-consuming process, which could include downloading software, registering with the platform, filling out multiple forms, and then finally enrolling the credential.
More often than not, this led employees to reach out to IT for help. If their help desk was already busy, they incurred unnecessary downtime while waiting for assistance. And if everyone who needed the new credential had the same issue, the help desk would be flooded with requests for help, meaning they couldn’t focus on their core projects.
Not with One Click Issuance – one of the key features of our SMARTidentity solution. Employees no longer need to worry about finding the right platform for each credential, and they no longer have to deal with multi-step issuance processes. With One Click Issuance, they can issue any credential in their Axiad User Portal, with just one click.
Let’s say your employee already has a mobile MFA credential and now needs a YubiKey to get access to their privileged accounts. Now, instead of searching for the correct platform or downloading new software, they head to their Axiad User Portal, which they are already familiar with using for their other credentials. On their dashboard will be the option to issue a new credential – one click, and they’re already almost done.
The portal will automatically offer to enroll the device types you have enabled for your user in your employee directory. They then create a PIN associated with the credential. Some devices such as YubiKeys will require the employee to prove they have physical access to their token by quickly pressing the gold key. The entire process takes a few seconds. By combining the PIN (something they know) with the device (something they physically have), your users can now authenticate with a higher level of trust.
One Click Issuance works exactly the same for all connected devices (smart cards, USB tokens, or TPM). For mobile authenticators like Axiad ID, users simply scan a QR code with their mobile device. Unlike many other mobile authenticator solutions, this QR code does not contain any cryptomaterial and only allows the enrollment of one device at a time. It’s just as straightforward with OTP tokens, where users can enroll their device with its serial number.
It’s truly that simple – no need for new software, no need for confusion, no need for contacting IT. Everything is web-based in a single user portal for your employees. Users can keep themselves secure and productive by quickly issuing their new credential and moving on with their day. With this easy process employees are also less likely to find workarounds in your security policy, since complying with each credential is now far easier.
Solutions like One Click Issuance work to find that balance between security and usability. They make it easier for you to adopt multiple credentials, and easier for your employees to maintain their security, no matter where they are located. With Axiad SMARTidentity, you can finally break down the barriers between your organization and passwordless authentication.
About the Author
Nicolas Malbranche is a Senior Technical Consultant at Axiad.