Going ‘Passwordless’ is not straightforward
Organisations rushing to adopt passwordless authentication are doing so for a variety of reasons: to deliver stronger security, reduce IT support costs, support remote working and to adopt a Zero Trust approach to verify each access request. But it is not a simple process and should not be rushed.
Passwordless authentication simply replaces passwords with a more suitable authentication factor. This means moving from a centralised credential repository (where passwords are saved) to a decentralised model in which no passwords are saved and each individual is responsible for their own passwordless authentication. This therefore eliminates threats posed by passwords.
But unlike Multifactor Authentication (MFA) which secures organisations, users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because there’s no password to remember, and they’re compatible across most devices and systems.
One of the biggest benefits of going passwordless is its simplicity. While most people have already adjusted to using password managers, there are still some passwords (like master passwords) that need you may need to remember.
By going passwordless, you can verify your identity without having to remember anything. You may need to authenticate with a mobile app or scan your face or fingerprint, and that’s it.
However, there are barriers to immediate adoption and a host of elements to consider before implementing a passwordless environment to the enterprise. Central to this is inertia. According to a survey from Cyber Security Insiders some 22% of businesses still need persuading of the benefits of going passwordless. This could be because of the difficulty in adapting an entire IT infrastructure to a passwordless login. According to this research, two-thirds of its sample claimed they did not have the right in-house teams and skills for the seamless adoption of passwordless authentication.
Many applications are just not designed to go passwordless because identity authentication has traditionally been fragmented. It’s a complicated picture, even among the cloud providers that include multifactor authentication and identity management as part of their services. There is no doubt that this is a journey many organisations are now embarking on as they realise that passwords really are the weakest link and are costing billions in terms of data breaches. But it is not an immediate fix – it is going to take time to scope, plan and implement. It certainly cannot be rushed.
You may be interested in
Your guide to leveraging NCE pricing to get the best value
Renewing your Microsoft Licensing Agreement is an opportunity to align your IT strategy with your business goals. It allows you to take advantage of the latest technologies, optimise costs, and ensure compliance with industry standards. While this might seem straightforward at first glance, to achieve the best value and biggest discounts, it’s often more complex than it appears and navigating the renewalprocess requires careful planning. In this Blog we will walk through what you need to know about the new Microsoft Licensing rules,when to get the best value from your renewal, and how to review…
Loving your customers with AI, cybersecurity and peace of mind with MSP support
2024 has marked a massive shift for SME IT needs, as creating an appropriate and optimised business strategy has become an increasingly difficult challenge for business owners and IT operators nationwide.
Protect your student data from continued ransomware attacks, says Espria
With ransomware rates still high for education organisations, better security oversight and orchestration is needed across UK schools.
Fortify and Reassure with Compliance and Cybersecurity Synergy
With new cyber threats emerging, businesses will need to develop a seamless and blended approach to cyber and compliance for strategic success.
UK businesses cannot continue risking reputation with shoddy security, says Espria
Sophos’ 2024 Threat Report recently highlighted ransomware as the biggest existential cyber threat to small businesses. While cyberattacks on large companies and government agencies may receive more news coverage, Sophos reported that SMB’s are generally more vulnerable to cybercriminals and suffer more proportionally from the results of a breach.
Peace of mind: Cloud is key in scaling systems to your business needs
Meeting the demands of the modern-day SMB is one of the challenges facing many business leaders and IT operators today. Traditional, office-based infrastructure was fine up until the point where greater capacity was needed than those servers could deliver, vendor support became an issue, or the needs of a hybrid workforce weren’t being met. In the highly competitive SMB space, maintaining and investing in a robust and efficient IT infrastructure can be one of the ways to stay ahead of competitors.