Begin with Phishing-Resistant, Passwordless Authentication


Going past the hype, passwordless authentication is now a actuality. Cisco Duo’s passwordless authentication is now typically out there throughout all Duo Editions.

Cisco Duo simplifies the passwordless journey for organizations that need to implement phishing-resistant authentication and undertake a zero belief safety technique. – Jack Poller, Senior Analyst, ESG

We obtained great participation and suggestions throughout our public preview, and we are actually excited to convey this functionality to our clients and prospects.

“Over the previous few years, we’ve elevated our password complexities and required 2FA wherever potential.  With this strategy, workers had extra password lock outs, password fatigue, and forgetting their longer passwords as a consequence of password rotations.  With Duo Passwordless, we’re excited to introduce this function to our workers to maintain our password complexities in place and leverage completely different Biometric choices whether or not that’s utilizing their cellular gadget, Home windows Whats up, or a supplied FIDO safety key.  The Duo Push for passwordless authentication function is easy and straightforward and introduces a extra nice expertise general.  Utilizing Duo’s gadget perception and utility insurance policies, we’re capable of leverage and confirm the safety of the cellular units earlier than the gadget is allowed for use.  To prime it off, Duo is related to our SIEM and our InfoSec workforce is ready to evaluation detailed logs and setup alerts to have the ability to preserve every part safe.” Vice President of IT , Banking and Monetary Providers Buyer

As with every new expertise, attending to a very passwordless state will probably be a journey for a lot of organizations. We see clients usually beginning their passwordless journey with web-based functions that help fashionable authentication. To that impact, Duo’s passwordless authentication is enabled by means of Duo Single Signal-On (SSO) for federated functions. Clients can select to combine their current SAML Id supplier akin to Microsoft (ADFS, Azure), Okta or Ping Id; or select to make use of Duo SSO (Obtainable throughout all Duo editions).

Password administration is a difficult proposition for a lot of enterprises, particularly in gentle of BYOD and ever rising sophistication of phishing schemes. Cisco goals to simplify the method with its Duo passwordless authentication that gives out-of-box integrations with fashionable single sign-on options. – Will Townsend, Vice President & Principal Analyst, Networking & Safety, Moor Insights & Technique

Duo’s Passwordless Structure

Duo presents a versatile alternative of passwordless authentication choices to satisfy the wants of companies and their use circumstances. This contains:

  1. FIDO2 compliant, phishing-resistant authentication utilizing
    1. Platform authenticators – TouchID, FaceID, Home windows Whats up, Android biometrics
    2. Roaming authenticators – safety keys (e.g. Yubico, Feitian)
  2. Robust authentication utilizing Duo Cellular authenticator utility

Irrespective of which authentication choice you select, it’s safe and inherently multi-factor authentication. We’re eliminating the necessity for the weak data issue (one thing you recognize – passwords) that are shared throughout authentication and could be simply compromised. As an alternative, we’re counting on stronger components, that are the inherence issue (one thing you might be – biometrics) and possession issue (one thing you have got – a registered gadget). A person completes this authentication in a single gesture with out having to recollect a fancy string of characters. This considerably improves the person expertise and mitigates the chance of stolen credentials and man-in-the-middle (MiTM) assaults.

Phishing resistant passwordless authentication with FIDO2

FIDO2 authentication is considered phishing-resistant authentication as a result of it:

  1. Removes passwords or shared secrets and techniques from the login workflow. Attackers can not intercept passwords or use stolen credentials out there on the darkish internet.
  2. Creates a robust binding between the browser session and the gadget getting used. Login is allowed solely from the gadget authenticating to an utility.
  3. Ensures that the credential (public/personal key) trade can solely occur between the gadget and the registered service supplier. This prevents login to pretend or phishing web sites.

Utilizing Duo with FIDO2 authenticators allows organizations to implement phishing-resistant MFA of their surroundings. It additionally complies with the Workplace of Administration and Funds (OMB) steerage issued earlier this yr in a memo titled “Transferring the U.S. Authorities In direction of Zero Belief Cybersecurity Ideas”. The memo particularly requires businesses to make use of phishing-resistant authentication technique.

We perceive that getting the IT infrastructure able to help FIDO2 could be costly and is often a long-term mission for organizations. As well as, deploying and managing third get together safety keys creates IT overhead that some organizations usually are not capable of undertake instantly.

Alternatively, utilizing Duo Push for passwordless authentication is a simple, value efficient to get began on a passwordless journey for a lot of organizations, with out compromising on safety.

Robust passwordless authentication utilizing Duo Cellular

We’ve got integrated safety into the login workflow to bind the browser session and the gadget getting used. So, organizations get the identical advantages of eliminating use of stolen credentials and mitigation of phishing assaults. To study extra about passwordless authentication with Duo Push, try our put up: Obtainable Now! Passwordless Authentication Is Only a Faucet Away.



Past passwordless: Serious about Zero Belief Entry and steady verification

passwordless authentication

Along with going passwordless, many organizations wish to implement zero belief entry of their IT surroundings. This surroundings usually is a mixture of fashionable and legacy functions, which means passwordless can’t be universally adopted. Not less than not till all functions can help fashionable authentication.

Moreover, organizations must help a broad vary of use circumstances to permit entry from each managed and unmanaged (private or 3rd get together contractor) units. And IT safety groups want visibility into these units and the power to implement compliance to satisfy the group’s safety insurance policies akin to making certain that the working system (OS) and internet browser variations are updated. The significance of verifying gadget posture on the time of authentication is emphasised within the steerage supplied by OMB’s zero belief memorandum – “authorization programs ought to work to include a minimum of one device-level sign alongside id details about the authenticated person.”

Duo may also help organizations undertake a zero belief safety mannequin by implementing robust person authentication throughout the board both by means of passwordless authentication the place relevant or thought password + MFA the place vital, whereas offering a constant person expertise. Additional, with capabilities akin to gadget belief and granular adaptive insurance policies, and with our imaginative and prescient for Steady Trusted Entry, organizations get a trusted safety associate they’ll depend on for implementing zero belief entry of their surroundings.

To study extra, try the eBook – Passwordless: The Way forward for Authentication, which outlines a 5-step path to get began. And watch the passwordless product demo on this on-demand webinar .

Lots of our clients have already begun their passwordless journey.  In case you are trying to get began as properly, sign-up for a free trial and attain out to our superb representatives.

We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Linked with Cisco Safe on social!

Cisco Safe Social Channels




Leave a Reply

Your email address will not be published. Required fields are marked *