Passwordless: Why It Fails – CSO Online

by Lisa Park - Tech Editor

Prioritize Securing Critical Systems First When Implementing Passwordless Authentication

Published December 31, 2023, at 05:02:48 PST

The Challenge of Passwordless Adoption

Many organizations struggle to make a complete transition to passwordless authentication because of missing platform support, particularly in legacy applications and third-party systems. The result is a fragmented security landscape in which some systems benefit from stronger authentication while others remain exposed to password-based attacks.

Reversing the Rollout Order: A Strategic Approach

Oleg Naumenko, CEO of identity provider Hideez, advocates a deliberate sequence when implementing passwordless authentication. He observes that organizations often begin with cloud services because they are comparatively easy to integrate, leaving the more critical and complex systems still dependent on passwords. Naumenko recommends securing privileged users and critical systems first, since that is where passwordless authentication removes the most risk.

“An organization that starts by securing privileged users and critical systems can significantly reduce risk,” Naumenko stated, according to reporting by ComputerWoche. Privileged users, such as administrators, possess the broadest access privileges, making them prime targets for attackers. Securing their accounts with passwordless authentication provides a strong initial defense.

Naumenko cautions against starting with simpler integrations solely to increase user adoption. He argues that such an approach yields only superficial improvements. “If the rollout starts with the simplest integrations just to reach more users, the improvement will only be superficial,” he explained.

Bridging the Gap with Legacy Systems

While cloud applications can often be integrated with passwordless authentication through standards such as Security Assertion Markup Language (SAML) or OpenID Connect (OIDC), legacy and custom systems that do not speak these protocols require alternative solutions.

Naumenko proposes two primary approaches:

  • VPN with Passwordless SSO: Restricting access to legacy systems via a Virtual Private Network (VPN) secured by passwordless Single Sign-On (SSO).
  • Reverse Proxy Service: Implementing a reverse proxy service that enables direct passwordless access to these systems.
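As an added illustration of the reverse proxy approach (example configuration, not from the article, Hideez or ComputerWoche), the following nginx fragment places an OIDC relying party (assumed to be oauth2-proxy listening on 127.0.0.1:4180) in front of a legacy web application (assumed on 127.0.0.1:8080) that knows nothing about SAML or OIDC. The hostname, ports, certificate paths and forwarded header names are assumptions; the user authenticates once at the passwordless identity provider and the legacy application only ever sees the identity asserted by the proxy.

```nginx
# Added example: nginx reverse proxy enforcing passwordless SSO in front of a legacy app.
# oauth2-proxy (assumed at 127.0.0.1:4180) handles the OIDC login; nginx asks it on every
# request whether a valid session exists before anything reaches the legacy application.
server {
    listen 443 ssl;
    server_name legacy.example.internal;            # assumed hostname
    ssl_certificate     /etc/nginx/tls/legacy.crt;  # placeholder paths
    ssl_certificate_key /etc/nginx/tls/legacy.key;

    # Sign-in, callback and sign-out endpoints served by oauth2-proxy.
    location /oauth2/ {
        proxy_pass       http://127.0.0.1:4180;
        proxy_set_header Host                    $host;
        proxy_set_header X-Real-IP               $remote_addr;
        proxy_set_header X-Auth-Request-Redirect $request_uri;
    }

    # Subrequest target used by auth_request: returns 202 for a valid session, 401 otherwise.
    location = /oauth2/auth {
        proxy_pass              http://127.0.0.1:4180;
        proxy_set_header        Host           $host;
        proxy_set_header        X-Real-IP      $remote_addr;
        proxy_set_header        Content-Length "";
        proxy_pass_request_body off;
    }

    # Everything else is the legacy application: gate it behind the SSO session check.
    location / {
        auth_request     /oauth2/auth;
        error_page 401 = /oauth2/sign_in;

        # Forward the authenticated identity as headers. The legacy app must accept these
        # headers ONLY from this proxy (bind it to localhost or firewall it), otherwise a
        # client reaching the app directly could assert any identity it likes.
        auth_request_set $user  $upstream_http_x_auth_request_user;
        auth_request_set $email $upstream_http_x_auth_request_email;
        proxy_set_header X-Forwarded-User  $user;
        proxy_set_header X-Forwarded-Email $email;

        proxy_pass http://127.0.0.1:8080;  # legacy application, assumed reachable only locally
    }
}
```

The same pattern works for the VPN variant the article describes: the VPN gateway plays the role of the proxy and performs the SSO check, while the legacy systems behind it remain unchanged.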

This article was last updated on December 31, 2023, at 05:02:48 PST. The information is based on reporting from ComputerWoche and Hideez, and on publicly available information about SAML, OIDC, and SSO.
