Organizations moving to password-less authentication should consider externalizing login processes from individual applications to either Kerberos (via AD/Integrated Windows Authentication) or using federation technologies such as SAML or OpenID Connect (OIDC). Once this is done, gradually move login processes from traditional, password-based ones to new processes that combine local-to-device biometric authentication with login to network services using cryptographic key material stored securely
However, it’s important to implement new authentication mechanisms carefully because there are many compatibility challenges with devices, offline use and diverse user locations and network connectivity.
This piece offers a step-by-step guide for implementing password-less authentication, including best practices to follow and pitfalls to avoid.
Before you make the move to password-less, you should make sure you have a solid understanding of password-less authentication.
With that theoretical background in mind, implementation of a password-less authentication system should typically proceed in the following sequence:
Rolling out password-less isn’t easy. When planning a password-less system rollout, organizations should consider the following best practices:
Password-less seems like the answer to the decades-old problems with passwords—usability, security, support cost and more—but to date, it’s not an easy goal to reach. Most large organizations are bound to run into issues with password-less, increasing cost and limiting scope. The technology is promising and maturing, but not trivial. Overall, success requires laser focus on endpoint types and capabilities, network (and offline) usage, and application compatibility. It also means focusing on the business and where password-less makes the most sense—and where it doesn’t. Overall, teams should understand:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.