Real-World Results: The Impact of Passwordless Authentication on the Credential Management Lifecycle
It’s no secret that passwords have plagued IT teams for years. Rather than improving, however, the situation seems to be getting worse. Despite the password’s obvious deficiency as an authentication technology, it’s still the exception, rather than the rule, for organizations to move to passwordless authentication.
The most talked about reason passwords cause IT teams such a headache is their ability to be easily compromised by cybercriminals. In an effort to remember all their different account credentials, too often, end users craft simple, easy-to-guess passwords or reuse them across accounts – and weak and repeat passwords exponentially increase security risk within an organization. And, even in cases where passwords are strong, increasingly sophisticated cybercriminals are figuring out how to compromise them through advanced phishing, ransomware, and other attacks. In fact, according to the FIDO (Fast Identity Online) Alliance, passwords are the root cause of more than 80% of data breaches.
An equally troublesome, yet often less discussed, challenge posed by passwords is the financial and productivity effects they can impart throughout the credential management lifecycle. In an effort to bring more attention to this piece of the password puzzle, in this post, we’ll examine why passwords create issues in credential management, demonstrate how passwordless authentication can solve them, and then provide a real-world example to showcase the results that can be achieved with a passwordless authentication solution that offers self-service credential management.
Credential Management Challenges
Credential management can affect IT teams and end users equally – resulting in a double hit on business operations and the bottom line.
- Impact on IT: When end users forget their passwords, need a reset or renewal, or request an account recovery, IT professionals have to spend hours managing their requests – taking time away from higher level projects that advance the business.
- Impact on end users: When end users forget their passwords or they expire, employees are locked out of their systems until IT can get to their call or trouble ticket. This means they can’t do their job and have to sit idle until the problem is fixed.
As a result, organizations battle productivity and efficiency challenges on both the IT and end user sides of the house – and this comes with a price. In fact, according to Forrester, the average large U.S. organization spends more than $1 million annually supporting passwords. In today’s uncertain economy, this is money that many organizations can no longer afford to lose.
How Passwordless Authentication Helps
True passwordless solutions take passwords out of the authentication equation and provide employees with self-service capabilities for account recoveries and credential renewals, which not only helps organizations overcome the IT and employee challenges associated with traditional credential management, but also shores up security by eliminating them as a target for cybercriminals.
It’s important to note that not all passwordless solutions are created equal. Most passwordless solutions still require a password or other shared human secret. While these solutions might hide the secret from the end user to deliver a “passwordless experience,” behind the scenes, the shared secret is still there and can be stolen and exploited. When we talk about “true passwordless,” we mean “no password passwordless” – in other words, solutions that eliminate the reliance on legacy approaches and secure all entities without passwords or shared secrets.
For example, Axiad Cloud delivers organization-wide passwordless orchestration to connect users and machines to data and applications from anywhere. It offers a full suite of modular, passwordless authentication capabilities, including passwordless Multi-Factor Authentication (MFA), Certificate-Based Authentication for IAM, Passwordless Orchestration, and PKI as a Service. It supports the widest range of credentials in the market, including FIDO, Windows Hello for Business, YubiKeys, smart cards, mobile MFA, TPM, and biometrics.
In addition, Axiad Cloud offers the critical missing ingredient in many other passwordless solutions – Authentication Management Lifecycle that includes self-service end-user utilities, including the ability to enroll the authenticator(s) of their choice, issue credentials onto the authenticator, recover accounts without IT intervention, and renew credentials either for account recovery or at expiration. With this feature, organizations can achieve the proper balance between protection and usability – empowering end users to easily access what they need, when they need it, without compromising security.
For employees, this means they can more easily manage their own credentials – eliminating the need for password-related calls to the IT help desk, enhancing productivity and delivering a superior experience. Self-service credential management also allows IT to be more efficient because they no longer have to devote so much time to resetting passwords and recovering accounts. From a business perspective, this all translates into enhanced security, increased operational efficiency, and reduced costs across the board.
We know that, before buying in, many companies need to “see it to believe it.” With this in mind, here are some snippets from a PeerSpot review recently posted by one of our Axiad Cloud customers:
- The Challenge: “We were looking for a way for users to self-serve and increase productivity. Before Axiad Cloud, every time a user was locked out they would have to call the help desk and wait for someone to call back and help them recover their accounts. Now users can do it themselves and cut down on the time they are down with an expired credential. That was the primary driver for why we looked at using this solution.”
- The Solution: “Our use case is credential management for one of the business units. Axiad provides credential management for those users, including the creation of new credentials and life cycle management of them. When credentials expire, users can self-serve and perform updates.”
- The Benefits: “The biggest benefit is that Axiad Cloud has increased the productivity of the business unit where it has been deployed. Before, we had anywhere between 10 and 15 percent of our users that were, at any given time, not able to sign into their systems because of expired credentials. With the introduction of the solution for that business unit, that number went down. That’s a measurable advantage. Users also say it is much easier to use but that is not something that we can measure.”
- Most Valuable Feature: “The life cycle management of credentials is the aspect that we have found to be the most useful. … The differentiator that Axiad provided was the ability to provide users a way to self-serve the updating of their credentials on their private keys. That was the feature we were most interested in and Axiad does an excellent job of it.”
- ROI Spotlight: “We did some calculations to determine how much it costs when a user calls the help desk to have an issue resolved. We tried to estimate how much time was wasted while they were waiting to be helped and how much we paid the help desk agent who was helping them. We came up with a figure of around $120 per user, per incident. The licensing for Axiad, per user, was less than that. In terms of return on investment, we estimate it at somewhere between 10 and 15 percent savings per user.”
To read the full PeerSpot review, visit: https://www.peerspot.com/products/axiad-cloud-reviews. To learn more about how Axiad Cloud can provide true passwordless authentication and operationalize an authentication management lifecycle at scale, contact us today.