While still the most popular method of authentication, passwords carry significant drawbacks in security and cost, as we continue to struggle to create ones that are harder to crack. Dark Reading has published a piece describing six steps organizations can take to transition to passwordless authentication, reducing the reliance on humans to create sufficiently strong passwords and, with it, the occurrence of information and data leaks. First, passwordless programs must start small instead of attempting to switch the entire organization over at once. Second, authentication security policies must be defined and enforced at the hardware level. Third, per zero-trust security principles, it must be possible to monitor and control all identities. Fourth, authentication methods from across all services must be consolidated into one access management provider with the required capabilities. Fifth, education must be created for end users so they understand the new changes. Finally, the passwordless program must undergo a consistent improvement process until it is fully adjusted to fit the organization’s needs. Read more at Dark Reading.