Going past the hype, passwordless authentication is now a actuality. Cisco Duo’s passwordless authentication is now typically accessible throughout all Duo Editions.
“Cisco Duo simplifies the passwordless journey for organizations that need to implement phishing-resistant authentication and undertake a zero belief safety technique.“ – Jack Poller, Senior Analyst, ESG
We obtained large participation and suggestions throughout our public preview, and we at the moment are excited to carry this functionality to our clients and prospects.
“Over the last few years, we have increased our password complexities and required 2FA wherever possible. With this approach, employees had more password lock outs, password fatigue, and forgetting their longer passwords due to password rotations. With Duo Passwordless, we are excited to introduce this feature to our employees to keep our password complexities in place and leverage different Biometric options whether that is using their mobile device, Windows Hello, or a provided FIDO security key. The Duo Push for passwordless authentication feature is simple and easy and introduces a more pleasant experience overall. Using Duo’s device insight and application policies, we are able to leverage and verify the security of the mobile devices before the device is allowed to be used. To top it off, Duo is connected to our SIEM and our InfoSec team is able to review detailed logs and setup alerts to be able to keep everything secure.” – Vice President of IT , Banking and Financial Services Customer
As with any new expertise, attending to a very passwordless state will likely be a journey for a lot of organizations. We see clients sometimes beginning their passwordless journey with web-based functions that assist trendy authentication. To that impact, Duo’s passwordless authentication is enabled by way of Duo Single Sign-On (SSO) for federated functions. Customers can select to combine their current SAML Identity supplier similar to Microsoft (ADFS, Azure), Okta or Ping Identity; or select to make use of Duo SSO (Available throughout all Duo editions).
“Password management is a challenging proposition for many enterprises, especially in light of BYOD and ever increasing sophistication of phishing schemes. Cisco aims to simplify the process with its Duo passwordless authentication that offers out-of-box integrations with popular single sign-on solutions.” – Will Townsend, Vice President & Principal Analyst, Networking & Security, Moor Insights & Strategy
Duo’s Passwordless Architecture
Duo affords a versatile alternative of passwordless authentication choices to fulfill the wants of companies and their use circumstances. This consists of:
- FIDO2 compliant, phishing-resistant authentication utilizing
- Platform authenticators – TouchID, FaceID, Windows Hello, Android biometrics
- Roaming authenticators – safety keys (e.g. Yubico, Feitian)
- Strong authentication utilizing Duo Mobile authenticator utility
No matter which authentication choice you select, it’s safe and inherently multi-factor authentication. We are eliminating the necessity for the weak data issue (one thing – passwords) that are shared throughout authentication and will be simply compromised. Instead, we’re counting on stronger components, that are the inherence issue (one thing you’re – biometrics) and possession issue (one thing you’ve – a registered gadget). A consumer completes this authentication in a single gesture with out having to recollect a fancy string of characters. This considerably improves the consumer expertise and mitigates the danger of stolen credentials and man-in-the-middle (MiTM) assaults.
Phishing resistant passwordless authentication with FIDO2
FIDO2 authentication is thought to be phishing-resistant authentication as a result of it:
- Removes passwords or shared secrets and techniques from the login workflow. Attackers can not intercept passwords or use stolen credentials accessible on the darkish net.
- Creates a robust binding between the browser session and the gadget getting used. Login is allowed solely from the gadget authenticating to an utility.
- Ensures that the credential (public/non-public key) alternate can solely occur between the gadget and the registered service supplier. This prevents login to faux or phishing web sites.
Using Duo with FIDO2 authenticators permits organizations to implement phishing-resistant MFA of their setting. It additionally complies with the Office of Management and Budget (OMB) steering issued earlier this yr in a memo titled “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles”. The memo particularly requires businesses to make use of phishing-resistant authentication technique.
We perceive that getting the IT infrastructure able to assist FIDO2 will be costly and is usually a long-term venture for organizations. In addition, deploying and managing third celebration safety keys creates IT overhead that some organizations usually are not in a position to undertake instantly.
Alternatively, utilizing Duo Push for passwordless authentication is a simple, value efficient to get began on a passwordless journey for a lot of organizations, with out compromising on safety.
Strong passwordless authentication utilizing Duo Mobile
We have included safety into the login workflow to bind the browser session and the gadget getting used. So, organizations get the identical advantages of eliminating use of stolen credentials and mitigation of phishing assaults. To be taught extra about passwordless authentication with Duo Push, take a look at our put up: Available Now! Passwordless Authentication Is Just a Tap Away.
Beyond passwordless: Thinking about Zero Trust Access and steady verification
In addition to going passwordless, many organizations wish to implement zero belief entry of their IT setting. This setting sometimes is a mixture of trendy and legacy functions, that means passwordless can’t be universally adopted. At least not till all functions can assist trendy authentication.
Additionally, organizations must assist a broad vary of use circumstances to permit entry from each managed and unmanaged (private or 3rd celebration contractor) gadgets. And IT safety groups want visibility into these gadgets and the power to implement compliance to fulfill the group’s safety insurance policies similar to making certain that the working system (OS) and net browser variations are updated. The significance of verifying gadget posture on the time of authentication is emphasised within the steering offered by OMB’s zero belief memorandum – “authorization systems should work to incorporate at least one device-level signal alongside identity information about the authenticated user.”
Duo may help organizations undertake a zero belief safety mannequin by imposing sturdy consumer authentication throughout the board both by way of passwordless authentication the place relevant or thought password + MFA the place mandatory, whereas offering a constant consumer expertise. Further, with capabilities similar to gadget belief and granular adaptive insurance policies, and with our imaginative and prescient for Continuous Trusted Access, organizations get a trusted safety accomplice they will depend on for implementing zero belief entry of their setting.
To be taught extra, take a look at the eBook – Passwordless: The Future of Authentication, which outlines a 5-step path to get began. And watch the passwordless product demo on this on-demand webinar .
Many of our clients have already begun their passwordless journey. If you wish to get began as effectively, sign-up for a free trial and attain out to our wonderful representatives.
We’d love to listen to what you assume. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Share: