In our last blog we shared with you seven steps on how to implement a Zero Trust strategy and how to deploy this across your digital estate. Today, in the final installment of our four-part series on cybersecurity, we delve into Passwordless security and what it means for your organization.
For as long as there has been digital information worth protecting, there have been passwords to shield it from ill-intentioned parties. This method has been somewhat cumbersome, though it has been considered an effective safeguard against cybercrime. More recently, however, as we become more predictable in generating passwords, many cybersecurity experts agree that there are much better ways to secure IT environments while reducing business risk and costs.
How do passwords work?
Cybercriminals have been able to pick off passwords from unsuspecting users with ease through clever phishing emails, tricking even the most tech-savvy employees into giving mission-critical access to bad actors. So, to prevent password breaches from giving immediate access to these cybercriminals, text-based MFA was developed and implemented by cybersecurity experts everywhere. This required a text code to be sent to the user’s cell phone and entered in a timely manner to gain access to their resources, which ultimately added complexity to an already cumbersome authentication process but was largely foolproof in protecting valuable company data… until it wasn’t.
Hackers figured out ways to spoof cell phone numbers to receive these MFA codes, circumventing safeguards and wreaking havoc on companies yet again. So, cybersecurity experts went back to the drawing board to rethink the philosophy of authentication altogether. As long as users have control over their access through shareable passphrases, there will always be the chance that a hacker can fool them into giving access – so why not do away with passwords altogether?
Through the framework of Zero Trust, a new method of authentication has been developed that is revolutionizing how organizations approach authentication – and that is Passwordless.
Why your organization shouldn’t use passwords:
- Difficult to remember
- Easy to crack, particularly if you have other data of the individual/business
- A considerable amount of time is spent on resetting passwords by IT support which results in large business costs
- Highly susceptible to phishing attacks
Significant benefits that come with Passwordless authentication include:
How to implement a Passwordless framework:
1. It starts with MFA – Most Passwordless deployments are combined with Multi-Factor Authentication. If you have MFA in place, you are a few easy steps away from going Passwordless. If not, get started with MFA. This is a must!
2. Select a Passwordless form factor – FIDO security keys (like a YubiKey), Windows Hello for Business (camera facial recognition), and the Microsoft Authenticator app have features that allow you to log into Microsoft 365 without needing to enter a password.
3. Reset all passwords in the Directory – After step 2, the users won’t need a password. The IT department should reset everyone’s password in the directory to something long and complex.
4. Use Temporary Access Pass (TAP) – Microsoft 365 has a feature that allows users to have a password that will expire after a short time. This is helpful when onboarding new users or if there are technical difficulties with any of the Passwordless form factors.
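Before the password reset in step 3, it helps to know which users have actually registered a Passwordless form factor. The Python below is an added example, not code from this post or from Microsoft: it classifies users from an export of their registered authentication methods, using the `@odata.type` values Microsoft Graph returns; the export layout, the function names and the sample users are assumptions.

```python
import json

# @odata.type values returned by Microsoft Graph for
# GET /users/{id}/authentication/methods
PASSWORDLESS = {
    "#microsoft.graph.fido2AuthenticationMethod": "FIDO2 security key",
    "#microsoft.graph.windowsHelloForBusinessAuthenticationMethod": "Windows Hello for Business",
    # Assumption: a registered Authenticator app counts as passwordless-capable;
    # phone sign-in still has to be enabled for that user.
    "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod": "Microsoft Authenticator",
}
PHONE = "#microsoft.graph.phoneAuthenticationMethod"  # SMS / voice codes
TAP = "#microsoft.graph.temporaryAccessPassAuthenticationMethod"

def classify(methods):
    """Return (status, passwordless form factors) for one user's method list."""
    types = {m.get("@odata.type") for m in methods}
    found = sorted(PASSWORDLESS[t] for t in types if t in PASSWORDLESS)
    if found:
        return "ready", found        # step 2 is done for this user
    if TAP in types:
        return "onboarding", found   # TAP issued, no form factor registered yet
    if PHONE in types:
        return "phone-only", found   # MFA depends on codes sent to a phone number
    return "password-only", found    # no MFA at all: step 1 is still open

def audit(export):
    """Classify every user in a {upn: [methods]} export (hypothetical layout)."""
    return {upn: classify(methods) for upn, methods in export.items()}

def safe_to_scramble(report):
    """Users whose directory password can be reset to a long random value (step 3)."""
    return sorted(upn for upn, (status, _) in report.items() if status == "ready")

# Constructed sample data, not taken from a real tenant.
SAMPLE = json.loads("""{
  "alice@example.com": [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"},
                        {"@odata.type": "#microsoft.graph.fido2AuthenticationMethod"},
                        {"@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod"}],
  "bob@example.com":   [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"},
                        {"@odata.type": "#microsoft.graph.phoneAuthenticationMethod"}],
  "carol@example.com": [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"},
                        {"@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethod"}],
  "dave@example.com":  [{"@odata.type": "#microsoft.graph.passwordAuthenticationMethod"}]
}""")

if __name__ == "__main__":
    for upn, (status, found) in audit(SAMPLE).items():
        print(f"{upn:20} {status:14} {', '.join(found) or '-'}")
    print("safe to scramble:", safe_to_scramble(audit(SAMPLE)))
```

Users reported as anything other than `ready` would be locked out by the step 3 reset, so they are the ones to move through steps 1, 2 and 4 first.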
Over the last four weeks we have shared some valuable information that will help your organization be Zero Trust ready! The topics we’ve covered were:
Week 1: Data governance best practices for legal compliance (including insurance) and data protection
Week 2 & 3: All about Zero Trust; a deep dive into what the Zero Trust framework is, its benefits and some valuable tips on how to implement it across your organization including the maturity model.
Week 4: Passwordless security – what does this even mean?!
To learn more about the information we’ve shared, ZTaaS and what we do, visit our website. Alternatively, if you want to get straight to implementing the Zero Trust model in your organization, book a time with Matt.