How Phishing Resistant Authentication Bolsters Security

How phishing resistant authentication improves your security
20 Feb 2024

Why You Should Stop Using Passwords

Let’s discuss a universally disliked element of our digital lives - passwords. They sure are a hassle, aren’t they? The constant cycle of remembering, typing, mistyping, and resetting them is endlessly irritating. But imagine a different reality. Picture a world where you’re free from memorizing a confusing mix of characters for your email access, and a world where over half of your helpdesk’s time isn’t consumed by password reset requests. It seems like a fantasy, right? Well, it’s actually a reality, and it’s wonderful. It’s known as phishing resistant authentication, and it’s set to revolutionize your experience.

Embracing Phishing Resistant Authentication – Say Goodbye to Passwords and Phishing Risks

Firstly, let’s focus on the most exciting aspect – phishing resistant credentials. Phishing, as you know, involves crafty cybercriminals deceiving you into surrendering your passwords. However, with phishing resistant authentication, there are no passwords to be compromised. Instead, you use something you possess, like a mobile device or a security key, combined with something you know (like a PIN) or something inherent to you (such as a fingerprint or facial recognition) for logging in. This means hackers can’t deceive you into handing over your hardware key. Plus, even if they set up a fraudulent phishing site, this technology cleverly blocks your login attempt. Two innovative technologies enabling this are Azure Certificate-Based Authentication (CBA) and FIDO2.

What is Azure CBA?

Azure CBA represents Azure’s solution to the complexities of smartcard authentication. This Azure Active Directory (Azure AD) feature allows you to sign in using a client certificate. Azure AD assigns a token to your device, which is then used for logging you in. This eliminates the previously necessary complex setup involving ADFS Servers, MIM CM, ADCS, Domain Controllers, HSMs, CRL servers, and more.

What is FIDO2?

FIDO2 stands out as a modern solution to the cumbersome nature of traditional smartcard systems. This impressive open standard allows you to access online services without needing a password. Instead, you can opt for your biometrics, a mobile device, or a FIDO security key. It’s the brainchild of the brilliant minds at the World Wide Web Consortium (W3C) and the FIDO Alliance. As a member of the FIDO Alliance, we might be slightly partial in our view.
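A look-alike site cannot collect a usable FIDO2 login because the browser records the page's real origin in the response and the authenticator scopes the credential to the relying party ID. The Python below is an added example, not code from the original page or from any vendor: it shows the site-binding checks a relying party applies to an assertion, using constructed values (`example.com`, `examp1e.com`) and a hypothetical `simulate_client` helper in place of a real browser and authenticator. A real relying party also verifies the signature, which is left out here.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json, auth_data, challenge, origin, rp_id):
    """Return (ok, reason) for the site-binding checks on a WebAuthn assertion."""
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    # The challenge is issued per login, so a replayed response fails here.
    if client.get("challenge") != b64url(challenge):
        return False, "challenge mismatch"
    # The browser, not the page, writes the origin that the authenticator signs over.
    if client.get("origin") != origin:
        return False, "origin mismatch"
    # Authenticator data: 32-byte rpIdHash, 1 flags byte, 4-byte signature counter.
    if len(auth_data) < 37:
        return False, "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:  # UP (user present) flag
        return False, "user not present"
    return True, "ok"

def simulate_client(origin, rp_id, challenge):
    """Constructed stand-in for what a browser and authenticator return (unsigned)."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = bytes([0x05])  # UP | UV
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (1).to_bytes(4, "big")
    return client_data, auth_data

# Constructed sample values; a real challenge is random and single-use.
RP_ID, ORIGIN = "example.com", "https://login.example.com"
CHALLENGE = bytes(range(32))

if __name__ == "__main__":
    cases = {
        "real site": (ORIGIN, RP_ID),
        "look-alike site": ("https://login.examp1e.com", "examp1e.com"),
    }
    for name, (origin, rp_id) in cases.items():
        print(name, check_binding(*simulate_client(origin, rp_id, CHALLENGE), CHALLENGE, ORIGIN, RP_ID))
```

A response produced on the look-alike origin is rejected with `origin mismatch` even though the user completed the gesture, which is the property that password plus one-time-code logins lack.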

Phishing Resistant Authentication: A Quicker, More Secure Alternative to Password-Based MFA

It’s clear that it’s more secure, but here’s another great point – it’s also much quicker! Research indicates that phishing resistant authentication can be up to four times faster than traditional password methods. Say goodbye to the hassle of typing out lengthy, complex passwords or scrambling to retrieve a one-time code from your phone. Instead, a simple touch of your fingerprint, a glance at your face, or a tap of your security key, and you’re logged in. It’s not just a time-saver; it’s a stress-saver too.

Self-Service Creation of Phishing Resistant Tokens

If you ask any IT help desk what their most common task is, they’ll likely say, “Password resets.” These resets are costly, not just in terms of help desk time but also in terms of lost productivity for the employee. In fact, some specialists estimate the cost at $70 per password reset. However, with self-service phishing resistant onboarding tools like EZCMS, users can swiftly verify their identity and set up their phishing resistant tokens in just a few minutes, all without needing to contact the help desk.

Final Thoughts on the Security and User Experience Benefits of Phishing Resistant Authentication

And there it is. The future has arrived, and it’s free from passwords. Given the increasing frequency of cyber-attacks and our universal wish for a more straightforward life, the era of passwords is inevitably drawing to a close. FIDO2 and Azure CBA are at the forefront of this movement, and it’s time for everyone to join in. It’s time to bid farewell to passwords and embrace the new era of convenience – and that era is phishing resistant!