Begin with Phishing-Resistant, Passwordless Authentication


Going past the hype, passwordless authentication is now a actuality. Cisco Duo’s passwordless authentication is now usually out there throughout all Duo Editions.

Cisco Duo simplifies the passwordless journey for organizations that wish to implement phishing-resistant authentication and undertake a zero belief safety technique. – Jack Poller, Senior Analyst, ESG

We acquired super participation and suggestions throughout our public preview, and we at the moment are excited to convey this functionality to our clients and prospects.

“Over the previous couple of years, we’ve got elevated our password complexities and required 2FA wherever doable.  With this strategy, staff had extra password lock outs, password fatigue, and forgetting their longer passwords on account of password rotations.  With Duo Passwordless, we’re excited to introduce this characteristic to our staff to maintain our password complexities in place and leverage completely different Biometric choices whether or not that’s utilizing their cell gadget, Home windows Hi there, or a offered FIDO safety key.  The Duo Push for passwordless authentication characteristic is easy and straightforward and introduces a extra nice expertise total.  Utilizing Duo’s gadget perception and software insurance policies, we’re in a position to leverage and confirm the safety of the cell units earlier than the gadget is allowed for use.  To high it off, Duo is related to our SIEM and our InfoSec staff is ready to evaluation detailed logs and setup alerts to have the ability to hold every little thing safe.” Vice President of IT , Banking and Monetary Companies Buyer

As with every new expertise, attending to a totally passwordless state can be a journey for a lot of organizations. We see clients usually beginning their passwordless journey with web-based functions that help trendy authentication. To that impact, Duo’s passwordless authentication is enabled by way of Duo Single Signal-On (SSO) for federated functions. Prospects can select to combine their present SAML Id supplier corresponding to Microsoft (ADFS, Azure), Okta or Ping Id; or select to make use of Duo SSO (Obtainable throughout all Duo editions).

Password administration is a difficult proposition for a lot of enterprises, particularly in mild of BYOD and ever growing sophistication of phishing schemes. Cisco goals to simplify the method with its Duo passwordless authentication that provides out-of-box integrations with in style single sign-on options. – Will Townsend, Vice President & Principal Analyst, Networking & Safety, Moor Insights & Technique

Duo’s Passwordless Structure

Duo affords a versatile alternative of passwordless authentication choices to fulfill the wants of companies and their use circumstances. This consists of:

  1. FIDO2 compliant, phishing-resistant authentication utilizing
    1. Platform authenticators – TouchID, FaceID, Home windows Hi there, Android biometrics
    2. Roaming authenticators – safety keys (e.g. Yubico, Feitian)
  2. Robust authentication utilizing Duo Cellular authenticator software

Regardless of which authentication possibility you select, it’s safe and inherently multi-factor authentication. We’re eliminating the necessity for the weak data issue (one thing you realize – passwords) that are shared throughout authentication and will be simply compromised. As a substitute, we’re counting on stronger elements, that are the inherence issue (one thing you might be – biometrics) and possession issue (one thing you have got – a registered gadget). A person completes this authentication in a single gesture with out having to recollect a fancy string of characters. This considerably improves the person expertise and mitigates the danger of stolen credentials and man-in-the-middle (MiTM) assaults.

Phishing resistant passwordless authentication with FIDO2

FIDO2 authentication is considered phishing-resistant authentication as a result of it:

  1. Removes passwords or shared secrets and techniques from the login workflow. Attackers can not intercept passwords or use stolen credentials out there on the darkish internet.
  2. Creates a powerful binding between the browser session and the gadget getting used. Login is allowed solely from the gadget authenticating to an software.
  3. Ensures that the credential (public/non-public key) change can solely occur between the gadget and the registered service supplier. This prevents login to faux or phishing web sites.

Utilizing Duo with FIDO2 authenticators allows organizations to implement phishing-resistant MFA of their surroundings. It additionally complies with the Workplace of Administration and Price range (OMB) steering issued earlier this 12 months in a memo titled “Transferring the U.S. Authorities In direction of Zero Belief Cybersecurity Ideas”. The memo particularly requires companies to make use of phishing-resistant authentication technique.

We perceive that getting the IT infrastructure able to help FIDO2 will be costly and is often a long-term mission for organizations. As well as, deploying and managing third occasion safety keys creates IT overhead that some organizations should not in a position to undertake instantly.

Alternatively, utilizing Duo Push for passwordless authentication is a simple, price efficient to get began on a passwordless journey for a lot of organizations, with out compromising on safety.

Robust passwordless authentication utilizing Duo Cellular

We’ve got included safety into the login workflow to bind the browser session and the gadget getting used. So, organizations get the identical advantages of eliminating use of stolen credentials and mitigation of phishing assaults. To study extra about passwordless authentication with Duo Push, try our put up: Obtainable Now! Passwordless Authentication Is Only a Faucet Away.



Past passwordless: Fascinated with Zero Belief Entry and steady verification

passwordless authentication

Along with going passwordless, many organizations wish to implement zero belief entry of their IT surroundings. This surroundings usually is a mixture of trendy and legacy functions, that means passwordless can’t be universally adopted. No less than not till all functions can help trendy authentication.

Moreover, organizations must help a broad vary of use circumstances to permit entry from each managed and unmanaged (private or 3rd occasion contractor) units. And IT safety groups want visibility into these units and the power to implement compliance to fulfill the group’s safety insurance policies corresponding to making certain that the working system (OS) and internet browser variations are updated. The significance of verifying gadget posture on the time of authentication is emphasised within the steering offered by OMB’s zero belief memorandum – “authorization methods ought to work to include at the least one device-level sign alongside identification details about the authenticated person.”

Duo may help organizations undertake a zero belief safety mannequin by imposing sturdy person authentication throughout the board both by way of passwordless authentication the place relevant or thought password + MFA the place obligatory, whereas offering a constant person expertise. Additional, with capabilities corresponding to gadget belief and granular adaptive insurance policies, and with our imaginative and prescient for Steady Trusted Entry, organizations get a trusted safety companion they will depend on for implementing zero belief entry of their surroundings.

To study extra, try the eBook – Passwordless: The Way forward for Authentication, which outlines a 5-step path to get began. And watch the passwordless product demo on this on-demand webinar .

A lot of our clients have already begun their passwordless journey.  In case you are trying to get began as nicely, sign-up for a free trial and attain out to our superb representatives.

We’d love to listen to what you suppose. Ask a Query, Remark Under, and Keep Linked with Cisco Safe on social!

Cisco Safe Social Channels




Leave a Reply