
Rethinking Authentication: Focus on the WHOLE Process, Not Just the Method

30 Oct 2023

Modern Authentication

I’m going to present an alternative view in this article (…shocking, I know), which is a pretty significant deviation from many security-centric commentaries I’ve been reading lately. While I certainly do appreciate discussions around tech-driven security, I’m convinced that the advancement in present-day authentication and the future of Zero Trust authentication isn’t merely about the method, but it revolves around the system. To echo the sentiments of my boss and virtually everyone I’ve spoken to since joining the Keytos organization, even top-notch security is ineffective if end-users find it cumbersome and IT struggles to implement it. Basically, what I’m trying to say here is that, yes, the method in which you choose to authenticate is cool, but the PROCESS associated with that method has much more impact on all facets of your business.

The Importance of Managing Authenticators and Credentials

Let’s get into how authenticators and credentials influence both IT and the end-user:

1) 40% of help desk activities involve password resets.

2) Yubico’s research indicates that users spend roughly 12 minutes each week dealing with passwords, leading to an annual organizational expense exceeding $5.2 million.

3) Censuswide’s study suggests that consumers waste approximately 12 full days throughout their lives managing usernames and passwords.

All that being considered, introducing robust Authenticators like USB Keys or Smart Cards might further stress both help desks and end users. So, what do we do about that?

Recommendations for Authenticator and Credential Management

Actionable Insights: Though “visibility” is a buzzword in security, it alone isn’t sufficient, especially when dealing with a massive number of users. What’s essential is actionable insights, providing a clear picture of authentication methods adopted across various user groups. We’ve observed that many companies are surprised by the prevalence of basic userid/password setups in their systems.

Automated Processes: An Okta report estimates that roughly 30 minutes are required for each end-user setup request. As businesses expand, so does the backlog of such requests. Automation is crucial, but it’s essential to ensure that it is implemented properly.

Empowering Users: As remote work continues to blossom, IT demands are through the roof! A comprehensive self-service mechanism, resistant to phishing and other cyber threats, is pivotal. Such a system should cover the entire authentication journey, from initial setup to renewal, ensuring both user satisfaction and reduced IT burdens.

Group-centric Management: Authentication measures typically cater to specific user groups, authenticators, or credentials. Efficient and secure operations require management based on these groupings.

Lifecycle Oversight: Authentication isn’t a one-off task. Users, applications, and authenticators are continually evolving. Comprehensive lifecycle management, encompassing all entities, is vital.

A System-Centric Approach to Authentication

To reiterate my primary point here… authentication security hinges on holistic management of users, authenticators, and credentials. A successful system should harmonize rigorous security demands with IT operational efficiency, without hindering the end user. Such a system isn’t just ideal; it’s a springboard for the future of authentication, so check out EZCMS.
