Passwordless Helps Security Teams Delight End Users

Identity is the next perimeter today. Bad actors are not always hacking into your systems all of the time. They have your company IDs and passwords. They are logging into your systems. Why not take those keys away from the attacker and move towards stronger security controls? Passwordless does just that. Passwordless has the ability to take away ID and password combinations that can be purchased off of the dark web or socially engineered. Passwordless provides you with a more secure system to allow your employees to access to conduct business. Is it time that your company moved towards this type of solution?

Today, your end users are writing passwords on sticky notes and pasting those on the bottom of their keyboards or computer screens. I have found this situation in more than one office location. Now after the pandemic, do you really think that this is getting any better? Now is the time to take a hard look at passwordless vendors that are out there and see if you can find a solution that is right for you to improve your security posture for your end-user community.

Passwordless allows you to improve your current solution and remove the password from having to be used. You can use either biometrics or applications on smartphones now to log into your systems. There are also other hardware tokens that you can layer on top of a solution for further improvements, like a Yubikey from Yubico. Some companies require that additional layer of verification when logging in and not just an application on their phones.

What are some of the benefits that passwordless is going to provide? A passwordless solution is going to allow your end users to no longer have to rotate their passwords every 90 days. These same users will no longer have to call the help desk to get their passwords reset. Even if you have developed or used Microsoft’s self-service password reset solutions, users still continue to call the help desk. You can also remove the issue of having passwords written on those sticky notes. You can get rid of passwords in some cases to be able to increase the overall complexity and rotation frequency in other solutions. You, as a security leader, would be increasing the overall security posture for your company. You would be hardening your identity security perimeter while also delighting your user base that will not have to wait on hold with the help desk.

 To get started, look at some of the solutions that are out there today. Beyond Identity and Secret Double Octopus should be two companies that you make your short list of vendors to review. I do not think that you will find that this is money or time well wasted here in your evaluations. Just know what you want to do and what you will not settle for here in this space. Also, have your users be a part of the evaluation too.

If you need something to help you pay for this solution with a business case, then look no further than the amount of productivity lost by calls for password resets to the help desk. In most companies that have been in, you will find at least 30 percent to 40 percent of all calls to the help desk are for password-related calls. What is the total cost of your help desk today? The help desk can do call closure metrics based on call type. Your help desk leader should have this information for you for the last 12 months.

If your company purchases insurance for security-related claims, then you can ask your insurance company what would be the difference in what you are going to have to pay with or without this solution. This would be another form of hard savings.

What is the productivity of your current staff across all lines of business today? Since you may be changing your passwords once every 90 days, then this is ongoing and not just a once or twice-a-year thing. If you have password expirations spread out across the organization, then these are calls to your help desk every day. Use those numbers to come up with a way to fund your plan for increased security.

In closing, the time for passwordless evaluation and implementation is now. You and your company should take a look at these solutions that I have mentioned above, as well as any other vendors that your teams have found. This is your opportunity to delight your users and increase overall security. Help shut the door on one of the biggest areas where attackers are hitting companies the hardest. Thank you for your time.