Haider Iqbal | Director of Product Marketing
More About This Author >
Haider Iqbal | Director of Product Marketing
More About This Author >
If you’ve somehow missed it, let me state the obvious: Passwordless is a strategic bet! Many organizations realize this already. But if there was ever a doubt, have a look at the latest KuppingerCole report that predicts the passwordless authentication market to be a $6.6 billion market. Given the strategic nature of this topic, it is surprising how organizations still struggle to achieve the full potential of their passwordless authentication deployments.
Why Passwordless Authentication is Broken
Most security controls are seen as a good to have till an actual incident occurs. It is usually only after a breach caused by a phishing attack that organizations tend to think how passwords are the weakest link. Or it only after a third-party, like a supplier, gets breached that organizations begin to consider a stronger form of authentication. This philosophy of security as an afterthought is what leads to piecemeal implementations of passwordless authentication as well.
The problem doesn’t lie as much with the security & risk management personnel who are very knowledgeable about the value of implementing passwordless. The real issue lies in the ignorance of the decision-makers, and it lies in the inability of those security & risk management professionals to articulate the business value to these decision-makers. Why can passwordless become a Board-level discussion topic after a breach, and not before it?
The situation is exacerbated by the fact that there are different ways of addressing passwordless, and security leaders themselves struggle with how to implement it. The consequence is an ill-informed decision to either implement for a small group of users; or blanket the complete user base with a single method of passwordless authentication. The result is the anti-thesis of the passwordless promise – poor user experience and patchy security coverage.
Passwordless 360° – the right approach to implement Passwordless Authentication
The KuppingerCole Leadership Compass has recognized Thales as an Overall, Innovation, Product, and Market Leader in the Passwordless Authentication for Consumers market. The report praises Thales for offering a versatile set of identity applications encompassing a wide range of authentication methods to meet organizations’ needs. With over three decades of expertise in authentication technology, Thales has been offering passwordless authentication, perhaps even long before the term was even coined!
Passwordless 360° is a new way for security leaders to approach the implementation of passwordless authentication, while giving a model that helps them communicate the value to stakeholders. In our years of experience, two key trends stand out:
- Diversity of users. How you approach passwordless authentication for consumers is very different from how you approach it for your workforce or your third-party users, but the underlying business drivers of a better UX and security remain the same. Passwordless 360° forces the security leaders to avoid looking at passwordless implementations in isolation. The goal of eliminating passwords for better security and better UX will always remain incomplete unless an organization is able to equip all users, from workforce to consumers and all in between.
- Variance of assurance levels. One of the biggest implementation mistakes is not understanding the nuanced assurance level needs of different users based on their roles, context, user experience and security needs. Passwordless for a factory floor worker may rely on a zero-factor authentication versus a multi-factor need for a user with privileged access. Even for consumer use cases, the passwordless authentication mechanism could vary between a FIDO synced passkey versus a device-bound passkey, depending on the assurance level needed for the transaction. Passwordless 360° helps you visualize these varying needs, making it easier to communicate the implementation gaps and realize the true value of your passwordless journey.
Charting the Next Steps for your Passwordless Journey
If your organization is new to its passwordless journey, or struggling to achieve the goals of its passwordless implementation, leverage this Passwordless 360° guide to help you navigate that journey. The Passwordless 360° approach provides a comprehensive framework for planning and evaluating passwordless implementations. Thanks to its unique portfolio of IAM products and services, Thales can help organizations adopt the Passwordless 360o approach by:
- Migrating customers smoothly from passwords to synced passkeys for low-assurance use cases and device-bound passkeys for high-assurance use cases.
- Helping organizations deploy FIDO to their workforce and better control their FIDO keys life cycle.
- Removing completely passwords from the authentication flow when accessing Windows desktops or web applications.
- Leveraging industry-leading access management capabilities for deploying flexible and contextual passwordless authentication journeys for consumers, workforce and third-party users.
Download your copy of the Passwordless 360° report to kick-start your journey!