A password-less experience enabled through no-click access SSO mitigates risk, reduces password fatigue, and enables productivity.
By Wes Wright, CTO, Imprivata
Password complexity is one of the most cost-effective and simple ways for organizations to improve security. It’s widely embraced across industries and often supplemented with multifactor authentication (MFA) to confirm identity and further boost security. But what impact do these added verifications have on the end user?
Don’t get me wrong, these practices are easy to adopt and have significant security benefits. However, the more controls and verifications required for employees, the more burdensome the workflow becomes. With the need to enter and remember several long passwords throughout the day and re-authenticate with MFA, this process slows workday productivity. The more often employees need to log in, the more likely they are to select simple passwords or seek workarounds, creating vulnerability for the network.
Simplifying passwords is not an option. In fact, most of our own passwords are weaker than we realize. For example, while a password of eight standard letters has billions of possible combinations, a computer can crack it instantly.
This isn’t to say that passwords should be eliminated completely. Rather, they should be invisible to the end user as part of a holistic digital identity strategy.
Password-less authentication enables employees to get to work faster, securely.
Providing a password-less experience
Think of it this way. The best way to authenticate is through something you know, something you have, or something you are. In practice, a password is something you know; a company-issued RFID badge is something you have; and a face or fingerprint scan ties that access to something you are. Any one of these provides access…but incorporating all three or a combination of two proves your identity and prevents bad actors from fraudulently authenticating as you.
As increased regulatory recommendations from NIST and CISA call for stronger password policies and MFA, highly regulated industries like manufacturing should consider solutions to maintain password complexity while making the log-in process practically invisible…specifically through something you have (an ID badge) or something you are (a biometric).
Many manufacturers require their end users to authenticate multiple times a day, as they need to access technology to automate processes and keep operations functioning. To prevent workers from forgetting passwords, writing them down, or simplifying them, manufacturers need a streamlined approach to identity and access management that eliminates the password from the log-in process. Consider this workflow: an employee signs in once by tapping their ID badge, then re-authenticates their identity at each subsequent sign-in/sign-out during the day, either through badge taps or biometrics. These methods can also be utilized for MFA – contributing to further time savings.
We need the password, but we don’t need to remember it
Every user needs a different, complex password for each app and device they access. But imagine if that password never needed to be entered because it was stored in an active directory, keeping track of each digital identity’s appropriate permissions within the organization. Within the directory, the password is associated with the end user’s RFID frequency badge and with their biometrics.
In this scenario, passwords can be extremely complex because the user never has to enter or remember them. Those two authentication methods – something you have, something you are – prove that user’s digital identity. Whether they are invoking it with their badge or fingerprint, the password is invisible to them. This method of no-click access single sign-on (SSO) is key to reducing the risk of vulnerabilities while increasing employee productivity.
Single sign-on that integrates with everything
This approach can be a game-changer, but only if your SSO integrates with all your technology. A fragmented, hybrid cloud and on-premises environment is common for critical industries like manufacturing…but it makes managing digital identities a challenge, requiring users to juggle multiple passwords. Implementing SSO for only a handful of cloud apps won’t cut it. For manufacturers looking to reduce log-in time without sacrificing security, providing users with a password-less log-in experience for every app, device, or workstation can significantly streamline operations.
This multi-layered approach will also free up time for your IT team, which deals with onboarding, offboarding, password resets, and more. Reducing the burden on your help desk and IT professionals empowers them to focus on technology rather than recovery, advancing your organization even further. From an operational standpoint, SSO paves the way to comprehensive digital identity management.
Remember, passwords are just one of three factors of authentication. But when you combine them with the other two legs of the stool, ‘something you have’ and ‘something you are,’ manufacturers and other critical industries can go beyond security with an agile, efficient, and productive workflow for all.
Wes Wright is the Chief Technology Officer at Imprivata. Wes brings more than 20 years of experience with healthcare providers, IT leadership, and security.
Prior to joining Imprivata, Wes was the CTO at Sutter Health, where he was responsible for technical services strategies and operational activities for the 26-hospital system. Wes has been the SVP CIO at Seattle Children’s Hospital and has served as the Chief of Staff for a three-star general in the US Air Force.
Wes holds a B.S. in Business and Management from the University of Maryland and received his MBA from The University of New Mexico. Wes is a member of the CHIME & AEHIT Virtual Health Policy Workgroup.
The post Go Password-less. It’s Not Just Possible It’s Desirable appeared first on Industry Today.