Hackers don’t break in, they sign in. Protect one of attackers’ most common entry points by going Passwordless.
Nobody likes passwords. They are inconvenient and a prime target for attacks. Yet for years they have been the most important layer of security for everything in our digital lives. Most enterprises pride themselves on the complex passwords they enforce on their users. Users are expected to create complex, unique passwords, remember them, and change them frequently, and nobody likes doing that either.
Four steps to password freedom
Develop a password replacement offering
Before you move away from passwords, you need something to replace them. With Windows 10 (and carried forward into Windows 11), Microsoft introduced Windows Hello for Business, a strong, hardware-protected two-factor credential that enables single sign-on to Azure Active Directory and Active Directory. Deploying Windows Hello for Business is the first step towards a password-less environment. Windows Hello for Business coexists nicely with existing password-based security. Users are likely to adopt it because of its convenience, especially when combined with biometrics. However, some workflows and applications may still need passwords. This early stage is about implementing an alternative and getting users used to it.
Reduce user-visible password surface area
With Windows Hello for Business and passwords coexisting in your environment, the next step is to reduce the password surface. The environment and workflows need to stop asking for passwords. The goal of this step is to reach a state where users know they have a password but never use it. This helps decondition users from typing their password into any prompt that appears on their computer, and that reflex is exactly what phishing exploits. Users who rarely, if ever, use their password are unlikely to provide it to an unexpected prompt, because password prompts are no longer the norm.
Transition into a password-less deployment
Once the user-visible password surface has been eliminated, your organisation can begin to transition those users into a password-less world. A world where:
- The users never type their password
- The users never change their password
- The users don't know their password
In this world, the user signs in to Windows using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. When the user is prompted to authenticate again, that authentication also uses Windows Hello for Business rather than a password.
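One way to put a pilot group into the state described above, where users never type and never know their password, is to set "Smart card required for interactive logon" (SCRIL) on their Active Directory accounts: when that flag is set, the domain controller replaces the account's password with a random value that nobody is told, so only Windows Hello for Business (or a smart card) can be used to sign in. The following is an added example, not code from the original page or from Microsoft; it assumes the RSAT ActiveDirectory module, rights to modify the accounts, and a hypothetical pilot group named 'WHfB-Pilot'.

```powershell
# Added example (not from the original page). Moves a pilot group to SCRIL so the
# users can no longer authenticate with a password anywhere, then audits the result.
# Assumptions: RSAT ActiveDirectory module is installed, the operator can modify the
# accounts, and the pilot group 'WHfB-Pilot' exists (hypothetical name).

Import-Module ActiveDirectory

$PilotGroup = 'WHfB-Pilot'   # hypothetical pilot group name

# Users in the pilot group, with the attributes the transition needs.
function Get-PilotUser {
    Get-ADGroupMember -Identity $PilotGroup -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties SmartcardLogonRequired, PasswordLastSet, Enabled
}

# Turn on SCRIL for a user that does not have it yet. Supports -WhatIf so the change
# can be rehearsed first. Once the flag is set the user cannot sign in with a
# password anywhere, so any workflow missed in the "reduce password surface" step
# will break for that user; that is why this is done per pilot group, not domain-wide.
function Enable-Scril {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $User)
    process {
        if ($User.SmartcardLogonRequired) { return }   # already password-free
        if ($PSCmdlet.ShouldProcess($User.SamAccountName, 'Set SmartcardLogonRequired')) {
            Set-ADUser -Identity $User -SmartcardLogonRequired $true
        }
    }
}

# Audit: for each pilot user report whether SCRIL is on, whether the account is
# enabled, and how old the stored password is, so stragglers are visible.
function Get-ScrilReport {
    Get-PilotUser | ForEach-Object {
        [pscustomobject]@{
            User            = $_.SamAccountName
            Enabled         = [bool]$_.Enabled
            ScrilEnabled    = [bool]$_.SmartcardLogonRequired
            PasswordAgeDays = if ($_.PasswordLastSet) {
                                  [int]((Get-Date) - $_.PasswordLastSet).TotalDays
                              } else { $null }
        }
    }
}

# Rehearse, apply, verify.
Get-PilotUser | Enable-Scril -WhatIf
Get-PilotUser | Enable-Scril -Verbose
Get-ScrilReport | Sort-Object ScrilEnabled | Format-Table -AutoSize
```

Two caveats before running this beyond a pilot: SCRIL only covers on-premises Active Directory accounts, so cloud-only users need the equivalent Azure Active Directory controls; and the randomised secret is still an NTLM secret on the domain controller, so pair SCRIL with the domain's option to periodically roll the password on smart-card-only accounts where your functional level supports it.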
Eliminate passwords from the identity directory
The final step of the password-less strategy is where passwords simply don't exist. At this stage the identity directories no longer persist any form of the password, not even a hash, so there is nothing left for an attacker to steal or replay. This is where you reach a truly password-less environment.
Contact us to get started.