What is the Passwordless Solution?
Think of the passwordless solution this way. Did you ever lose or forget your password? Most of us have at one time or another. That’s probably why 67% of computer users report continuing to reuse old passwords or the same password on multiple accounts. This, despite 91% reporting that they’re aware that they shouldn’t do that. For a long time, we’ve suffered from password fatigue. If that describes you, we recommend the passwordless solution.
The average computer user must cope with 191 passwords even though it is possible to remember only about 20. No wonder that the most common password in use is 123456 or a variant of it.
More disturbingly, passwords—counterintuitively—are not all that secure. They never were.
On 8/20/2018, Microsoft urged organizations to move toward a passwordless strategy that would address password fatigue and to improve security.
On 9/16/2021, Microsoft followed up by announcing that their account holders would now be able to access their Microsoft apps without having to type in a password.
Has Bill Gates’s 2004 prediction that the password is dead finally come true?
Passwords and Security
Since ancient times, passwords have been used to provide security and protection. Millennia ago, armies used passwords to prevent enemy soldiers and spies from infiltrating their lines. Even in modern times from the American Revolution until World War II and later, sentries would challenge potential intruders with “Who goes there?” Give the wrong answer and you might be killed.
Despite attempts to keep passwords secret, they were always vulnerable to being stolen, overheard, guessed, or corruptly given to unauthorized persons. And pity the hapless member of the tribe who simply forgot or was never given the current version.
Even the first computer password, implemented in 1961 at MIT to regulate mainframe computer time among several users, was hacked. That same year, a researcher printed out all users’ passwords and gave them to other users—thus rendering them useless.
Since then, hackers have compromised passwords to gain unauthorized access to systems and data. Of course, methods for doing so have varied. Sometimes, they have run elaborate programs to break an encryption code. More recently, they use phishing schemes to trick human users into revealing their password along with other personal information.
Increasing Security with Enhanced Passwords
Since the 1980s, various strategies have been employed to strengthen passwords to maintain information security.
Some organizations require passwords to combine letters, numbers, and special characters in a string of a specific length to make the result harder to guess even with a high-speed computer.
Or you can opt to use passphrases—a multi-word phrase or sentence that only a user knows—to make access to sensitive information more difficult.
Nevertheless, enhancing passwords alone will not address the entire problem, especially the root causes of password fatigue.
The most effective strategy to date is to require Multi-Factor Authentication (MFA) by which a user who enters a “correct” password is then sent a unique code (usually via email or text to a smartphone) to submit in order to be granted access.
Advantages of Single Sign-On
However, organizations can create very strong security protocols by using enhanced passwords along with MFA in a comprehensive plan for every user. The objective is to make complying with such protocols swift and convenient for users. That objective can be met by introducing single sign-on (SSO).
Here’s where Microsoft’s passwordless solution comes in. When a Microsoft account holder grants permission to delete their Microsoft password, Microsoft generates and stores an extremely secure password for that user which is never revealed to the user. Instead, Microsoft authenticates each user through one of three methods: Windows Hello for Business (for Windows PCs), Microsoft Authenticator (a dedicated, downloaded app for mobile devices), and FIDO2 security keys (for remote kiosk users)—all of which use MFA.
Once a Microsoft user has been authenticated, access is granted to the user’s Microsoft account and applications, authorized portals, and other applications authorized by the organization. This eliminates the need to type in a password and to login to separate applications or portals.
Sound convenient? Then you might really enjoy our Now IT Works solution, which offers an alternative and exceptional support to Microsoft’s growing conglomerate.
The Now IT Works Passwordless Solution
Four major identity access management players exist in the space: Microsoft, Google, OneLogin, and Okta.
Of the four, Now IT Works chose OneLogin for the combination of their functionality, security, convenience, and price.
As with most single sign-on applications, each user generates a single, unique, very strong password. When signing on within their organization’s office location, they simply log in once with that password. They then have access to all authorized applications, websites and portals. No more logins or submission of their password will be required for that session.
If the user logs in from a remote physical location, from an unrecognized device, or at a time that is unusual, the system will use MFA to complete the authentication process. MFA is always required when a user logs in from a site external to the organization’s office.
For those who are concerned that Microsoft and Google control too much in the technology space, OneLogin specifically focuses on identity management. This allows them to offer superior support and end-user ease. In other words, it doesn’t require complex configuration. And when MS goes down, it helps to hedge your bets.
This means that users and organizations can confidently maintain direct control over access to their accounts. In addition, your team will be comfortable using a procedure with which they are already familiar. Having one strong password (with MFA when needed) makes signing on simple, convenient, and secure.
By installing such a smart system from OneLogin, Now IT Works continues to increase security for their clients while making adherence to robust security protocols more convenient for all users.
So, are passwords a thing of the past, deserving to be cast upon the scrapheap of history? If one considers only passwords alone, perhaps. But if we use passwords in conjunction with other methods of authentication in an SSO system, perhaps not.
For more information about how to enhance both security and the user experience for your organization, contact Now IT Works.
Upgrade your IT. Schedule Your FREE Introduction, today.