Login security is one of the biggest problems that companies face when it comes to balancing user productivity with cybersecurity protections.
Compromised passwords are at fault in 80% of hacking-related data breaches. A key problem is that employees have so many passwords to handle that they often make them weak so they can remember them. They also use the same passwords multiple times.
Employees reuse an average of 8 passwords across personal and work accounts.
Even with device and email security protection, if a hacker has legitimate user login credentials, they can often bypass security and breach a system.
Many companies deploy two-factor authentication (2FA) to help secure their logins. While it definitely helps reduce account hacks, it has the unfortunate consequence of being frustrating for users and reducing their productivity.
Azure Active Directory’s (AD) new passwordless sign-in option balances both security and convenience to give users a smooth and secure login experience.
How Does Azure Passwordless Sign-in Work?
Many of those in the technology industry think that the future is passwordless. But if there is no username and password to authenticate that someone has access rights to a webpage or application, there has to be another way.
That’s the idea behind Azure AD’s new passwordless sign-in capability. It’s designed to provide the security of a sign-in using 2FA, without the inconvenience.
54% of surveyed employees say that 2FA disrupts their workflow.
With passwordless sign-in organizations are given three options for how to deploy it:
- Windows Hello for Business
- Microsoft Authenticator App
- FIDO2 Security Keys
Each are used in a slightly different way and use authentications like biometrics and security keys to allow users to log into their business applications without the need for username and password entry. Here’s how each works.
Windows Hello for Business
This method works well for workers that have their own designated Windows computer that they work at exclusively.
It authenticates using a biometric or PIN that is tied directly to that user’s PC. It can be used with both on-premises logins as well as those for cloud applications.
- User signs into Windows on their PC using either a biometric or PIN code
- This unlocks the Hello for Business private key, which is sent to a Cloud Authentication security provider
- The provider requests a number only used once (nonce) from Azure AD
- Once Azure AD returns the nonce, the provider validates the user login
- This allow the user access to Windows and cloud and on-premises applications without the need to reauthenticate
This is what’s known as a single sign-on (SSO) experience.
Microsoft Authenticator App
This method of passwordless sign-in is for employee mobile devices, both iOS and Android.
Once the user downloads and sets up the Authenticator App on their device, they can verify their sign-on using either biometric (touch or face) or a PIN. The authentication follows a similar pattern as Windows Hello for Business, with an extra step.
Users will receive a “proof-of-presence” challenge in addition to the nonce verification.
FIDO2 Security Keys
This is an unphishable standards-based passwordless authentication method that is designed to be more flexible and can come in any form factor.
FIDO stands for Fast Identity Online and it allows companies to leverage the standard for multiple types of logins using an external security key or platform key that is built into a device.
FIDO2 security keys support SSO for both cloud applications and on-premises software. This standard can also be used for login in supported browsers.
This authentication method offers additional security and can also be used by companies that have employees not able or willing to use their phone as a second authentication factor.
Why You Should Consider Moving to Passwordless Sign-in
The problem with passwords has plagued companies since beginning of the computer age. After all these years, password hacks are still the major cause of data breaches and other cybersecurity incidents.
It’s projected that by 2022, 90% of mid-size enterprises will use a passwordless system in over 50% of use cases.
The key advantages are:
- Improved Security: With device-based authentication, hackers from halfway around the world can’t get into your logins because they don’t have your device.
- Better Productivity: By eliminating the back and forth with a user having to get a text message and input a code for each login, productivity is improved and users are less frustrated
- Easy to Scale: With a passwordless Azure AD strategy that uses SSO, users only have to sign-in once to access multiple applications. Adding new applications to the process is easy and doesn’t change the user experience.
Let Unity IT Help Your Fresno Business with Login Security
The business world is moving to passwordless methods of authentication. Get ahead of the game by having us help you set up Azure AD passwordless sign-in for your organization.
Contact us today to schedule a consultation at 559-297-1007 or reach out online.