Despite recent announcements from Microsoft, such as the elimination of passwords for access to MS Azure, realistically most of us will still be using passwords for a while to come.
There are limitations as to how quickly enterprises can change how they get work done, and how quickly people can be trained to work differently. Since native biometrics like Touch ID and face have trained millions to rely on biometrics for access, there is hope we can eliminate the password sooner rather than later.
New, smaller enterprises will be the first to go password-free in the cloud. Cloud-centric enterprises can benefit immediately from access to line-of-business apps such as Office 365, Azure, and Dynamics CRM Online by connecting through Azure AD or a PIN to sign in from a phone using the Microsoft Authenticator App. Unfortunately, the freedom from passwords is currently limited to just the apps that are in the cloud, and in this scenario within Microsoft’s cloud.
In general, cloud environments are where users will first experience freedom from passwords. Single Sign-On is simplest in this world of SAML-enabled apps in the cloud. Identity platforms can integrate via SAML to use biometrics and possession of the phone for more secure MFA.
Unfortunately for most enterprises, there remains a multitude of legacy applications and secure environments that enterprise users rely on and for which employees need remote access. For these, enterprises must decide what level of security needs to be maintained for remote users. Typically, enterprises have relied on VPNs and then added tokens for controlling access.
But this is slowly changing. New identity platforms are offering more flexibility. Veridium is one of the companies aggressively standardizing how MFA can be enabled with biometrics in a secure fashion without passwords and without tokens.
Currently, some solve this by using a VPN and delivering a mobile push as the second factor for authentication. The challenge with a mobile push is that, given how often mobile users blindly accept and click on their phones, a user may inadvertently accept an authorization request without being the initiator of access.
Veridium takes a realistic global view of enterprise environments and provides an MFA platform to help enterprises remove their dependency on passwords across a multitude of environments. Some of these environments, like Citrix NetScaler, can be accessed via the RADIUS protocol. Web apps, like Salesforce, G Suite, Office 365, Dropbox, Ping, and Okta, can be accessed via SAML integration. Veridium offers seamless integration with Microsoft AD for access to Windows environments and also supports Citrix FAS so that access can be extended for Windows environments delivered by Citrix.
The reality is that enterprises need to prioritize identity and access requirements, and may not want to oversimplify access at the risk of compromising security. While Microsoft is pushing in the right direction, the challenge to reduce passwords is complex and enterprises will be tackling it one use case at a time to ensure that the highest level of security is maintained.