Cisco Live 2021: Sun sets on the need for passwordsBy Ryan Noik 1 April 2021 | Categories: Corporate Events
Passwords are a pain. For users, they are a nuisance to have to keep track of, enter and retrieve and many people resort to using passwords that are ridiculously easy to crack – like 123456 – defeating the whole purpose of them providing a layer of security.
For enterprises, they are also difficult to manage and expensive, costing enterprises billions of dollars a year in IT support.
At this week’s Cisco Live, the company unwrapped its progress on enabling a passwordless future, introducing an infrastructure agnostic, passwordless authentication by Duo that enables users to skip the password and securely log into cloud applications via security keys or platform biometrics.
“Cisco has strived to develop passwordless authentication that meets the needs of a diverse and evolving workforce and allows the broadest set of enterprises to securely progress towards a passwordless future, regardless of their IT stack,” explained Gee Rittenhouse, the senior vice president and general manager of Cisco’s Security Business Group. “It’s not an overstatement to say that passwordless authentication will have the most meaningful global impact on how users access data by making the easiest path the most secure.”
The solution in a nutshell - Duo passwordless authentication will:
• Simplify and strengthen authentication for accessing cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers, by leveraging security keys and platform biometrics such as Apple FaceID and TouchID, and Windows Hello. Pairing passwordless authentication with Duo SSO enables organisations to consolidate hundreds of passwords and authentications into one easy login for users to cloud applications.
• Provide one security tool for all authentication scenarios thanks to Duo’s compatibility with hundreds of applications and identity providers, with no infrastructure change required.
• Reduce risk of password-related threats and vulnerabilities such as phishing, stolen or weak passwords, password reuse, brute-force, man-in-the-middle attacks and password database compromise.
• Add layers of security to the authentication with device health and behavior monitoring controls via Duo’s secure access product suite, further reducing risk in the event a biometric is stolen or not effective.
• Reduce administrative burden of password-related help desk tickets and password resets.
“Cisco is well-positioned to accelerate the adoption of passwordless authentication as enterprises seek to alleviate the password-related headaches that for years have plagued their users and IT teams,” asserted Jay Bretzmann, Program Director for Identity & Digital Trust and Cloud Security, IDC.
“While the transition will be a process for organisations due to legacy infrastructure, passwordless authentication is a key stepping stone to enabling a zero-trust security architecture and a feature that organisations must begin looking into,” he added.
The company pointed out that relying on biometrics to provide user identification is a natural evolution of the need for a password, citing its 2020 Duo Trusted Access Report, which found that 80% of mobile devices used for work have biometrics configured, up 12% the past five years.
“Passwordless is a journey requiring incremental changes in users and IT environments alike, not something enterprises can enable overnight,” said Wolfgang Goerlich, Advisory Chief Information Security Officer, Duo Security at Cisco. “Duo can help enterprises transition their environments and workforces securely and minimise user friction while simultaneously increasing trust in every authentication.
As a hybrid combination of remote and office bound working defines how we work in the future, the need for security isn't going away. However, it is more than a little reassuring that there will be options that are easier than the now antiquated and still annoying password, and that we are coming closer to a passwordless world.
Cisco’s Duo passwordless authentication offering is slated to become available for public preview around July.
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?