Follow these 4 steps to create a passwordless authentication

The continuous stream of ransomware attacks has shown that passwords are not sufficiently secure.

Passwordless authentication increases security, improves user experience, and provides deeper insight into user activity. Here are four tips for building and deploying this tool:

1. Deploy a replacement before changing authentication system

Microsoft Windows Hello for Business is a good option for organizations that rely on Active Directory. It has strong, hardware-protected credentials enabling single sign-on to Active Directory on-premises and in the cloud.

2. Evaluate the risks to develop authentication requirements

This will determine the likelihood and impact of a breach in each system and help you develop appropriate authentication requirements for them. It will also help you prioritize your work, focusing on the highest risks first.

Click on the banner below to access a personalized content experience and exclusive articles.

3. Limit how often users type passwords

Removing the requirement to enter passwords multiple times dramatically improves the user experience by allowing them to switch between systems seamlessly and breaking the habit of routinely use passwords. Once you reduce the number of times that users encounter password prompts, you can move to a truly password-less environment.

4. Remove passwords from the identity directory

This is the ultimate goal of a no-password policy, but you won’t be able to take this last step until you modernize all legacy systems that rely on password authentication. Once you have removed passwords completely, you are safe from password theft attacks because there is simply no password to steal.

RELATED: What is role-based access control and how can it help agencies?

Source link

Comments are closed.