There’s been a lot of hype around passwordless. For all good reasons. First, Organizations still face password problems. The amount of time Information Technology (IT) teams spend to manage users’ login credentials that include usernames and passwords has been increasing over the last few years. Second, although organizations are spending a tremendous amount of time on password management, they still pose a security risk. Because passwords are just not secure. Cyberattacks are on the rise and 85% of them are related to compromised or stolen credentials. And what about the user experience? Lack of convenience leading to sub-optimal user behavior while managing the passwords finally leaving them frustrated.

The year 2020 saw a major shift in the remote workforce. As the initial move was taken in make-shift fashion to quickly embrace the unprecedented, this has albeit accelerated the digital transformation initiatives for organizations. Today enterprises are looking for ways to enable their workforce for permanent remote working by providing a secure means to log in to their workstations. An option that is not only frictionless but also boosts productivity.

SecurID has been on the forefront in offering passwordless authentication solution when it first introduced the support for Web authentication using FIDO2 (Fast Identity Online). FIDO2 being an open authentication standard strives to eliminate passwords by leveraging standard asymmetric cryptographic techniques and makes it convenient and compatible across platforms and devices without changing the security profile.

With the latest release of SecurID (MFA Agent 2.1 for Microsoft Windows),SecurID is  excited to extend the passwordless sign-in experience to Windows 10 laptops and desktops. A solution that provides multifactor authentication (MFA) to workstation logins leveraging the FIDO2 as a hardware authenticator meets the high assurance levels required for proving compliance, without impacting user convenience.    

The 3 compelling reasons why you should start considering a passwordless solution for your workforce today with SecurID:

1. Stronger: More than “Something you know”

FIDO2 security keys are better phishing resistant and prevent Man in the Middle (MitM) attacks. Windows login with FIDO2 security key as a strong form factor adds multiple layers of security like FIDO2 security key PIN, which is used to unlock the key itself and user presence tap on the key to make sure it is a human using the key and not a malware acting on behalf of the user.   Additionally, you can also configure other SecurID authentication methods (like Biometric/Push/Tokencode) as an additional authentication in addition to FIDO2  as part of sign-in.

2. Better:  Designed for seamless experience “Anytime Anywhere”  

Once you are enrolled for FIDO2 passwordless authentication, all you need is your FIDO2 security key and you are good to go - whether online or offline. If you are off the network and traveling, passwordless authentication works the same way it did when you were online. Because the last thing we want you to worry about is carrying multiple devices or different authentication experiences while roaming. We understand that there can be situations when a user has misplaced or lost their FIDO2 security key – Worry not, we have you covered. With emergency access support, the user can gain secure and easy access to their Windows 10 workstations in those circumstances and can stay productive.

3. Simpler: Path to P@$$w0rdless need not be complex

While we make a compelling case against passwords, you may be wondering how to go from password-laden infrastructure to a passwordless one. The transition is a journey and not an overnight switch. While you start thinking about your passwordless strategy, the following are the essential features of SecurID that you could consider and rely on.  

• Go in phases: Before rolling out to the entire workforce, select subset of users (using challenge groups feature) where passwordless be a good fit and start piloting.
• Flexible fallback options: SecurID allows you to configure other multifactor authentication methods that provide secure authentication mechanisms as fallback options when FIDO2 is not available.
• Simple recovery flow: In addition to supporting FIDO2 in offline mode, the Agent presents various options for the user to either use fallback options or replace with a new key in case of stolen/lost keys. All nestled intuitively in the login flow.

To know more about FIDO2 passwordless authentication refer to the MFA 2.1 For Microsoft Windows Release Notes.

Other enhancements that should not go unnoticed include: 

Email Customization options

If you are the Admin and wish you had a way to customize the email template to add some useful information to assist users. Well, we hear you. SecurID Cloud Authentication Service already provides email templates to notify users on device registration, deletion and delivering emergency codes. The April month’s release expands the signature field of the template to include up to 2000 characters. You can use this field to include any additional instructions or global helpdesk contact info or anything that you think useful.

JIT user sync for Admin-led on-boarding

While SecurID offers a self-service portal, My Page, which end users frequently use to manage their authenticators, there are scenarios where Administrators choose not to enable the self-service portal for end-users and instead onboard users themselves.  This enhancement allows help-desk Administrators to search for a new user, who is not yet synchronized to the SecurID Cloud Authentication Service, and generate a one-time mobile registration code for them to register their Authenticator. It also allows Admin to add user's mobile number for SMS delivery if needed. This capability is also part of User detail APIs to help integrate with custom help-desk tools. Now, Administrators can expedite new user onboarding without any delays or requiring bulk-sync.

 Anomalous users data shown on the Risk dashboard is now available through Admin APIs

 With this enhancement, Identity, Security operations and Incident response teams can gain visibility into top anomalous users within their organization based on user's and peer's access patterns. Using this Cloud Administration Anomalous Users  API, anomalous user data can be made available to the external system for further analysis, which can help Administrators to investigate and remediate any potential access risks to their organizations.

To know all about the product updates and releases SecurID Product Release Notes.