Less Passwords is better
In the 1960s, passwords were created to secure files. But our technology and knowledge have developed, and passwords are no longer secure; they are now the most significant security risk. Passwordless should be on your roadmap, since it will force your organization to start improving authentication for any legacy application.
Passwords are a primary attack vector. Bad actors use social engineering, phishing, and spray attacks to compromise passwords. A passwordless authentication strategy mitigates the risk of these attacks.
User adoption is easier than ever
Users are already used to authenticating with no passwords to various services like Apple face recognition, Gmail, and their personal Microsoft accounts.
What is stopping us?
Most organizations still run applications that use old authentication and require passwords because the backend has not been developed for a long time. This is a huge setback, and you as an IT professional should put it on the agenda. Enabling new tech is not hard; getting your organization to understand that hours must be spent on development is.
Old way vs. new way
Legacy (or basic) authentication is characterized by:
- a client or network protocol that is incapable or not configured to do modern authentication
- a client which sends both the username and password to the application
- an application using the username and password to get a logon token on behalf of the user
Modern authentication is characterized by:
- a client and service capable of using OpenID Connect, SAML, and/or OAuth 2.0 for authentication
- a client and service which can accept redirects to the identity provider for all authentication interactions and can work with authentication tokens of the protocols above
All Microsoft cloud services are capable of modern authentication, so whether legacy or modern authentication is used depends on the client's capabilities. You can often update your client application or switch to an alternative client application to use modern authentication.
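To put the legacy/modern split above on the agenda you need to know which applications and users still sign in the old way. The following is an added example, not code from Microsoft or from the original post: it inventories legacy sign-ins from an exported sign-in log, assuming JSON records with the fields userPrincipalName, appDisplayName and clientAppUsed, and assuming that only the two client values in MODERN_CLIENTS denote modern authentication.

```python
import json
from collections import defaultdict

# Assumption: these clientAppUsed values mean modern authentication.
# Any other non-empty value (IMAP4, POP3, Authenticated SMTP, ...) counts
# as legacy, so an unfamiliar legacy label is never silently skipped.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

# Constructed sample export; users and the HR portal app are invented.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "anna@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "Anna@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Authenticated SMTP"},
    {"userPrincipalName": "ben@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "POP3"},
    {"userPrincipalName": "ben@example.com", "appDisplayName": "Office 365 SharePoint Online", "clientAppUsed": "Browser"},
    {"userPrincipalName": "carl@example.com", "appDisplayName": "Legacy HR Portal", "clientAppUsed": "Other clients"},
    {"userPrincipalName": "dana@example.com", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": ""},
    {"userPrincipalName": "carl@example.com", "appDisplayName": "Microsoft Teams", "clientAppUsed": "Mobile Apps and Desktop clients"},
])

def classify(record):
    """Return 'modern', 'legacy', or 'unknown' when the client field is empty."""
    client = (record.get("clientAppUsed") or "").strip().lower()
    if not client:
        return "unknown"
    return "modern" if client in MODERN_CLIENTS else "legacy"

def legacy_inventory(export_json):
    """Group legacy sign-ins per application; also count unclassifiable records."""
    apps = defaultdict(lambda: {"signins": 0, "users": set(), "clients": set()})
    unknown = 0
    for rec in json.loads(export_json):
        kind = classify(rec)
        if kind == "unknown":
            unknown += 1  # review by hand instead of assuming modern
        elif kind == "legacy":
            entry = apps[rec.get("appDisplayName") or "(no app name)"]
            entry["signins"] += 1
            entry["users"].add((rec.get("userPrincipalName") or "").lower())
            entry["clients"].add(rec["clientAppUsed"].strip())
    report = {app: {"signins": e["signins"], "users": sorted(e["users"]),
                    "clients": sorted(e["clients"])} for app, e in apps.items()}
    return report, unknown

if __name__ == "__main__":
    report, unknown = legacy_inventory(SAMPLE_EXPORT)
    for app, e in sorted(report.items(), key=lambda kv: -kv[1]["signins"]):
        print(f"{app}: {e['signins']} legacy sign-ins, users={e['users']}, clients={e['clients']}")
    print(f"records without a client value: {unknown}")
```

Applications with the most legacy sign-ins and the users behind them are the natural first candidates for a client update or replacement.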
Temporary Access Pass, aka TAP
Microsoft is making the passwordless journey almost complete by making TAP generally available at no extra cost if you already use Azure Premium P1.
This new function is vital for onboarding users to passwordless sign-in.
- Onboard to Passwordless sign-in with Authenticator App
- Onboard to Windows Hello for Business