Enhancing Enterprise Security: HID’s Passwordless Approach
As organisations grapple with constant and developing cybersecurity threats, the transition from password-based systems to passwordless authentication has emerged as a critical priority.
Passwords, long the standard for digital security, are now recognised as a weak link in cybersecurity defences. Research attributes over 80% of data breaches to password weaknesses: passwords are exposed to phishing attacks, brute-force guessing, reuse across multiple platforms and human error in creating and managing complex credentials. These weaknesses have led to countless data breaches and security incidents, costing businesses millions and eroding consumer trust.
In contrast, passwordless authentication technologies like passkeys provide enterprises and their employees with a more secure and reliable method of authentication.
HID, a leading provider of identity and access management solutions, has been at the forefront of this transformation, working with partners and the industry to help accelerate enterprise adoption of passkeys.
Sean Dyon, the Director of Strategic Alliances at HID, highlights the company’s role in shaping the passwordless future: “Our mission is to empower trusted identities for people, places and things across the globe. We achieve this by enabling secure, seamless authentication that enhances individual productivity, strengthens workforce efficiency and ensures the freedom to navigate across physical and digital spaces,” he says.
“What we have been increasingly working towards is to accelerate adoption of passkeys in the enterprise, and we’ve been doing that by working with the industry and through partnerships like Microsoft.”
Phishing resistance through FIDO authentication
At the heart of the passwordless revolution are the FIDO (Fast Identity Online) standards. These open standards, developed by the FIDO Alliance – an industry association dedicated to reducing reliance on passwords – provide a framework for secure, user-friendly authentication.
HID, a long-standing member of the FIDO Alliance, has been instrumental in advancing awareness and adoption of these standards. “FIDO is built on the foundation of establishing trust,” Sean says. “This is crucial because it ensures that the communication between the user and the service remains secure and cannot be intercepted by a third party.”
With 89% of organisations experiencing a phishing attack in the past year, the FIDO standards are central to this mission. “FIDO is critical because it eliminates shared secrets such as passwords, which are often targeted by phishing attacks,” he explains.
Unlike passwords, which can be reused across multiple sites and are susceptible to phishing, passkeys rely on public key cryptography, so the secret that proves the user's identity never leaves their device. Each user gets a unique key pair – a public key stored on the server and a private key held securely on the user's device – and this creates a “chain of trust” between the user, the credential and the resource being accessed. An attacker therefore cannot impersonate a legitimate website, such as a financial institution, to trick the user into authenticating through a fake portal: the credential is tied to the genuine site, so a response produced for a look-alike site is of no use to the attacker. The cryptographic key pair thus keeps the authentication process direct and protected from potential threats, preventing unauthorised access and ensuring the integrity of the transaction.
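To make the “chain of trust” concrete, here is an added example (not HID's or the FIDO Alliance's code) that models the passkey flow in Go with the standard library's Ed25519: the device keeps the private key and only ever emits a signature, the browser refuses to use a credential for a page whose origin does not match the relying party ID, and the server checks that the origin inside the signed data is its own. The site bank.example, the look-alike bank-login.example, the user “alice” and the signed-message layout are all constructed for illustration; real WebAuthn signs authenticatorData together with a hash of the client data, which this simplifies to a hash of origin and challenge.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Authenticator models the user's device: private keys live here, tied to a relying party ID, and never leave.
type Authenticator struct{ keys map[string]ed25519.PrivateKey }

// signedMessage stands in for WebAuthn's authenticatorData || SHA-256(clientDataJSON): challenge bound to origin.
func signedMessage(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(origin+"|"), challenge...))
	return h[:]
}

// Assert signs the origin-bound challenge with the key registered for rpID.
func (a *Authenticator) Assert(rpID, origin string, challenge []byte) ([]byte, error) {
	priv, ok := a.keys[rpID]
	if !ok {
		return nil, fmt.Errorf("no credential registered for %q", rpID)
	}
	return ed25519.Sign(priv, signedMessage(origin, challenge)), nil
}

// browserGet is the client-side check: a page may only use a credential whose rpID is its host or a
// parent domain, and the origin handed to the authenticator is the one the page really runs on.
func browserGet(a *Authenticator, pageOrigin, rpID string, challenge []byte) ([]byte, error) {
	host := strings.TrimPrefix(pageOrigin, "https://")
	if host != rpID && !strings.HasSuffix(host, "."+rpID) {
		return nil, fmt.Errorf("browser: rpID %q does not match page origin %q", rpID, pageOrigin)
	}
	return a.Assert(rpID, pageOrigin, challenge)
}

// RelyingParty is the server side; it stores public keys only.
type RelyingParty struct {
	ID, Origin string
	pubKeys    map[string]ed25519.PublicKey
}

// Verify accepts an assertion only if it reports this site's origin and verifies under the stored public key.
func (rp *RelyingParty) Verify(user, reportedOrigin string, challenge, sig []byte) error {
	if reportedOrigin != rp.Origin {
		return fmt.Errorf("assertion made for %q, not %q", reportedOrigin, rp.Origin)
	}
	pub, ok := rp.pubKeys[user]
	if !ok || !ed25519.Verify(pub, signedMessage(reportedOrigin, challenge), sig) {
		return fmt.Errorf("signature does not verify for %q", user)
	}
	return nil
}

// newChallenge returns fresh random bytes per login, so a captured assertion cannot be replayed.
func newChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read fills the whole buffer
	return c
}

// setup enrols the constructed user "alice" at the constructed site bank.example; only pub reaches the server.
func setup() (*Authenticator, *RelyingParty) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	auth := &Authenticator{keys: map[string]ed25519.PrivateKey{"bank.example": priv}}
	rp := &RelyingParty{ID: "bank.example", Origin: "https://bank.example", pubKeys: map[string]ed25519.PublicKey{"alice": pub}}
	return auth, rp
}

// LegitimateLogin: the real page requests the credential and the server accepts it.
func LegitimateLogin() error {
	auth, rp := setup()
	c := newChallenge()
	sig, err := browserGet(auth, rp.Origin, rp.ID, c)
	if err != nil {
		return err
	}
	return rp.Verify("alice", rp.Origin, c, sig)
}

// PhishingAttempt: a look-alike page relays the bank's challenge; it fails at the browser, and a rogue
// client that signs anyway fails at the server whether it reports its own origin or claims the bank's.
func PhishingAttempt() (browserErr, honestOriginErr, forgedOriginErr error) {
	auth, rp := setup()
	fake, c := "https://bank-login.example", newChallenge()
	_, browserErr = browserGet(auth, fake, rp.ID, c)
	sig, _ := auth.Assert(rp.ID, fake, c)
	honestOriginErr = rp.Verify("alice", fake, c, sig)
	forgedOriginErr = rp.Verify("alice", rp.Origin, c, sig)
	return
}

func main() {
	fmt.Println("legitimate login:", LegitimateLogin())
	fmt.Println(PhishingAttempt())
}
```

The three failures in PhishingAttempt are the point: the private key is never at risk because it is never transmitted, and a signature is only ever produced over the origin the browser actually saw, so nothing a look-alike site collects can be replayed against the genuine one.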
Benefits of passkeys
Passkeys enhance security because they are phishing-resistant, while also significantly boosting productivity. Unlike traditional passwords, which are often vulnerable to phishing attacks and require constant vigilance, passkeys provide a safer and more seamless authentication method. Employees no longer need to remember complex passwords or spend time resetting forgotten ones. This reduces the daily friction associated with authentication, allowing employees to focus on their core tasks. Additionally, it alleviates the burden on IT departments by cutting down the volume of help-desk requests related to password recovery.
Finding the right FIDO authentication
Finding the right FIDO authentication solution is a critical challenge for modern enterprises, with each organisation facing unique needs and obstacles. Amid this complexity, passkeys have emerged as a versatile option, offering a range of formats that can be tailored to suit diverse corporate environments.
There are two types of passkey: device-bound (held on smart cards and security keys) and synced (accessible via mobile devices). Synced passkeys cannot be guessed or cracked the way passwords can, and they are highly user-friendly, as users do not have to re-enrol every time they access an account from a new device. However, synced passkeys can be shared with others using AirDrop and Nearby Share, which threatens account integrity if they inadvertently end up in the hands of malicious actors.
Device-bound passkeys, meanwhile, offer greater security since they require additional hardware and can’t be shared digitally. That is also why they tend to be better suited to enterprise or workforce use cases, with some organisations finding that offering a mix of these solutions can be a good approach – given that use cases can vary greatly between departments.
The key to successful implementation lies in selecting a vendor that can provide both choice and flexibility, allowing organisations to adapt their authentication strategies to specific use cases and user populations.
HID supports both synced and device-bound passkeys. HID’s device-bound passkeys in the form of smart cards combine physical and logical access technologies into one corporate ID badge, giving employees access to business applications and doors through a single smart card that they are already used to. These converged credentials are also multi-technology, supporting a diverse range of physical and logical access technologies (FIDO2, PKI, OATH), and giving enterprises even more flexibility.
The enterprise path to becoming passwordless
However, the transition from traditional password-based authentication to passkeys is not without its challenges, particularly for organisations with established infrastructures. “Many enterprises, especially those with a long history, have accumulated a complex array of services and tools over time,” says Sean. “Some of these systems may be outdated or require significant updates to accommodate modern authentication methods.”
Recognising this, companies like HID have partnered with tech giants such as Microsoft to develop solutions that bridge the gap between legacy systems and passwordless authentication.
These hybrid solutions are designed to work alongside existing infrastructure, enabling a gradual transition that doesn't require a complete overhaul of an organisation's IT systems. This approach is particularly valuable for enterprises that aren’t yet ready or able to implement a full-scale shift to passwordless authentication. By offering compatibility with older systems, these solutions provide a pathway for organisations to enhance their security posture without disrupting their operations or incurring prohibitive costs.
The importance of choice and flexibility in authentication methods cannot be overstated. As Sean emphasises: “For organisations, choice and flexibility are essential as the first critical component of an authentication strategy. In most enterprise environments, a one-size-fits-all approach simply doesn't work.” This recognition of the diverse needs within a single organisation underpins the development of flexible authentication solutions.
By offering a range of options, from security keys to smart cards and beyond, vendors like HID ensure that enterprises can tailor their authentication strategies to meet the specific needs of different user groups and use cases. This flexibility is crucial in addressing the varied security requirements across different departments, roles and access levels within an organisation.
The ability to choose from multiple authentication methods allows enterprises to balance security with user experience. For instance, high-security areas might require multi-factor authentication, while less sensitive applications could use simpler passkey formats. This nuanced approach ensures that security measures are proportionate to the level of risk, avoiding unnecessary friction in day-to-day operations.
Easy to deploy, easy to use
HID has recently collaborated with Microsoft in testing their new FIDO2 provisioning APIs, enabling IT administrators to create and register passkey credentials for their users. This streamlines the registration process into a single, seamless step. With just one registration, users gain access to all their enterprise applications through a single credential. “This eliminates the need to register with multiple services and ensures you can easily authenticate across your entire organisation, rather than just specific points of access,” Sean explains. Integrated support within HID’s Credential Management System (CMS) and the Authentication Platform will be available soon.
As the cybersecurity landscape changes, the need for robust, user-friendly and secure authentication methods has become a critical imperative for organisations of all sizes. HID’s focus on enabling passwordless authentication, providing choice and flexibility, and ensuring a smooth transition for enterprises underscores the company’s commitment to empowering trusted identities and securing the digital landscape.
Building trust
The collaboration between HID and the FIDO Alliance, along with key partners like Microsoft, is propelling the passwordless movement forward, ensuring that organisations have the tools and solutions they need to stay secure in an increasingly digital world.
By adopting passkeys and passwordless authentication methods, businesses not only streamline their operations but also create a smoother, more efficient work environment for their employees. In the long run, this leads to significant cost savings, improved employee satisfaction, and a stronger security posture for enterprises.
Energy Digital is a BizClik brand