How about a passwordless daily life?

Who has never decided to grab a coffee while some good soul from IT support comes to the rescue for a password update? What if there were authentication solutions that don’t rely on passwords, that limit management costs, and that are secure and easy to use?

How much time accumulated over a year – multiplied by the number of employees and the frequency with which security codes are updated … and so on – do you think a company spends on logins and passwords? In terms of both security and time, this myriad of passwords and the need to update them hampers productivity and incurs significant operational costs for companies.

The problem

We generate a huge amount of sensitive data on a daily basis, for example by ordering online, by connecting to our company or by using our mobile phone.

Do you think this data is protected? Well, according to a survey conducted in February 2020 by Yubico:

  • 49% of respondents admitted to sharing passwords with colleagues to access professional accounts;
  • 59% said their organization relies solely on memory to manage passwords;
  • 42% have already used sticky notes to remember passwords.

It is a human reaction: we adopt behaviors aimed at finding workarounds to simplify our lives, to the detriment of our IT security and the protection of our personal data.

The result is the opposite of the very reason passwords exist: to provide us with more protection. Find the mistake…

And all of that data needs to be protected with specific, strong, multiple passwords. Now, who has – here again – never succumbed to the temptation to use the same password on different sites or servers? To the delight of hackers who, with one and the same key, can open many of Ali Baba's caves…

Possible solutions

Our brains are simply not made to remember so much information “by rote”. In the end, either we forget it or we write it down… Password “safe” solutions such as LastPass (which store all our passwords in one place) can then prove very useful, but they remain workarounds. The problem is not being addressed at the source.

Thanks to multi-factor authentication (MFA), we can already connect to a computer tool using at least two successive methods to verify our identity:

  • something that we know or that we are (fingerprint, password, PIN, secret question, etc.);
  • something we have (a token, your smartphone, etc.).

Several MFA solutions exist on the market. I am thinking in particular of Google Authenticator. Once you have entered a password, you will receive a message on your smartphone to confirm that it is you who is trying to authenticate. The same goes for when your bank sends you an SMS to validate an online purchase.

At the scale of an enterprise, the solution lies elsewhere: completely eliminate the use of passwords while maintaining a strong level of security.

Example of a solution: Secret Double Octopus

Secret Double Octopus, from the eponymous company, allows you, at the office or from home, to access your company’s resources with an MFA solution that offers a reliable, high-quality user experience, whether you connect from a Windows machine, a Mac or a thin client (Citrix, VMware Horizon). Based on a robust and secure protocol, this solution can be integrated into a whole set of websites and cloud solutions (Azure, Amazon AWS, etc.) that your company may offer, since it is based on standards used by many software vendors.

Concretely, when you start your computer for a new working day, you are usually asked for your login and password. Here you receive a notification directly on your phone (something you own) asking you to validate that you are accessing your computer. You then use your fingerprint (something that you are) to be able to start working.

No need to remember a password! And whether you work face-to-face or remotely, you benefit from the same “user experience”.

More pleasant for users, less restrictive for IT support services and more beneficial for managers … I believe we have not heard the last of the Secret Double Octopus solution.

By Yvan Barnabaux
