While password-less authentication can simplify the user experience, it also supports a Zero Trust security model. It helps support a Zero Trust security model where every access request is authenticated independently of any device state or network location. Password-less login makes it easier for users to sign in securely. The answer? Eliminate passwords by defining a password-less strategy. The question becomes, “How do you protect the identity with a strengthened security foundation and optimal user experience?”. Consider organizations with end-users complaining about the complex password requirements and refusing to use the systems or apps or users who reuse the same password in all systems and apps. Of course, a simple password is only scratching the surface. With social engineering, malicious actors draw out the user with psychological techniques for extracting the necessary data and generating possible passwords to leverage with moderate to high accuracy this includes baiting, spear phishing, scareware, and pretexting.
While some systems have built-in security capabilities to prevent simple attacks, let us not forget the sophisticated methods for compromising an identity: social engineering. While a relaxed policy allows more accessible user experiences, it will enable malicious actors to draw an opportunity of deploying simple attack strategies for compromising identities, including but not limited to brute-force attacks and dictionary attacks. Especially when logging in to their Windows 10/11 device, Microsoft 365, a third-party cloud app, or a legacy/line-of-business app leveraging Azure Active Directory or Active Directory Domain Services. For some organizations, password policies tend to remain relaxed for the ease of user experience. Today, as organizations continue to plan and strategize the adoption of multi-factor authentication, users continue to authenticate with one-factor authentication via passwords. Now, many organizations are looking to employ a password-less strategy.Īs I wrote in a previous blog about protecting the user identity and data with Zero Trust and Microsoft Security, let us start with the basics and realize the number one asset under attack: the identity. In today’s digital world, passwords have become a universal language to access applications and devices.
0 kommentar(er)
