It’s time to implement highly secure passwordless protection for Windows machines.
The journey to passwordless is not short, but there’s a clear roadmap to reaching that goal. You start with the basics—centralized authentication based on username, password, and multi-factor authentication (MFA) to provide a single sign-on experience.
Progress continues by phasing out passwords using risk services and biometric authentication. The home stretch of our trip expands the use of FIDO-certified products and devices, until you arrive at your destination. Passwords are history.
Ping Identity is the experienced guide to help get you there. We partner with our customers to share best practices and bring them the best solution among our identity and access management offerings. We have a few more steps before our own trek is complete, but we believe that by working together with you, we not only reach our destination sooner, we can also develop and fine-tune the tools and processes the market requires.
User Experience + Security
Security is always a top priority, but it can’t be the only one. Unhappy users inevitably abandon a well-protected solution if they find it difficult or time consuming to use. That makes experience an important topic, as no administrator can accept a solution that frustrates end users. A simple, fast solution is needed to convince potential users to give it a try. If it provides a good experience, your user base will readily adopt it.
That’s why, as we developed our Windows Login Passwordless solution, we paid careful attention to end users and their experience. Everyone with the PingID mobile application installed and configured on a mobile device can quickly and easily sign in to Windows more securely than ever—without a password.
Just one click prompts approval in the mobile device using your biometrics to identify you. Within seconds, you’re signed in. Who wouldn’t welcome such a solution?
But what about security? A great user experience is not enough. Administrators must know their end users are well protected and have confidence that their most valuable assets—their laptops and desktops—are safe from hackers.
With security a top priority for our new solution, using certificates to authenticate users into Windows makes perfect sense. The challenge is to make certificates easy for administrators to configure and for users to use, while ensuring users are protected from hackers. Stealing a user’s password might be tricky, but it’s possible. It’s impossible to forge a user certificate, which is why their use is a security best practice.
What’s the next step in the passwordless journey? Ping Identity team has several ideas. For example, allowing users authenticated through Windows Login Passwordless to skip MFA authentication to web applications, since MFA is redundant and adds friction to the user experience.
We can also see companies combining our simple passwordless authentication flow with our intelligent risk management service for even better security levels to create a great user experience with minimal security concerns.
This is just the tip of the iceberg. Much more is planned, and the future is bright for passwordless flows, which will soon be the most common way to authenticate users.