Commissioned by Axiad
1 Executive Summary
Passwords are a major security flaw, yet they remain a staple of most enterprises. Passwords themselves – and the customer, employee, and organizational information that they protect – are a frequent target for attackers. The repositories of passwords that organizations hold are valuable, and individual passwords are relatively easy to intercept. Passwords are also often misused by individuals: many employees reuse the same password across multiple private or professional accounts, even though this is a well-known bad practice. Choosing non-random passwords, not updating them regularly, updating them with only a single character change, and sharing them with colleagues to get work done faster are not uncommon. For a more secure enterprise, organizations should consider going passwordless.
Going passwordless refers to using authentication methods that do not send a password between the user and the desired service, but rather other methods that limit where the key travels, making use of biometric authentication, device signals, PIN, PKI, certificates, and hardware tokens. Passwordless initiatives support zero trust initiatives because they enable authentication with higher confidence, helping to fulfill the goal of "never trust, always verify". Passwordless initiatives can also empower users to act securely with less friction. By removing passwords (and their misuse) and replacing them with more-secure options, the organization's security posture can be improved.
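The property described above, that nothing reusable travels between the user and the service, is easiest to see in a challenge-response exchange built on a key pair. The following is an added illustration written for this summary, not Axiad's code or any part of Axiad Cloud; it assumes a generic Ed25519 authenticator and a hypothetical relying-party server, and all names (Authenticator, Server, the user "alice") are constructed for the example. The private key is generated inside the authenticator and never leaves it; the server stores only the public key, issues a fresh random challenge per login, and accepts each challenge once, so a captured signature cannot be replayed the way a captured password can.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Authenticator models a hardware token or platform authenticator.
// The private key is created here and is never exported or transmitted.
type Authenticator struct {
	priv ed25519.PrivateKey
}

// NewAuthenticator generates a key pair and hands back only the public half
// for registration with the server.
func NewAuthenticator() (*Authenticator, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{priv: priv}, pub, nil
}

// Sign answers a server challenge. Only this signature crosses the network.
func (a *Authenticator) Sign(challenge []byte) []byte {
	return ed25519.Sign(a.priv, challenge)
}

// Server is a hypothetical relying party. It holds public keys per user and
// one outstanding challenge per user, consumed on first use.
type Server struct {
	users      map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server {
	return &Server{
		users:      make(map[string]ed25519.PublicKey),
		challenges: make(map[string][]byte),
	}
}

// Register stores a user's public key. No secret is stored server-side,
// so a breach of this table does not yield reusable credentials.
func (s *Server) Register(user string, pub ed25519.PublicKey) {
	s.users[user] = pub
}

// Challenge issues a fresh 32-byte random nonce for a registered user.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.users[user]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[user] = c
	return c, nil
}

// Verify checks that the presented challenge is the one currently outstanding
// for the user, retires it, and validates the signature against the stored
// public key. A replayed (already consumed) challenge fails before any
// cryptographic check is made.
func (s *Server) Verify(user string, challenge, sig []byte) bool {
	expected, ok := s.challenges[user]
	if !ok || !bytes.Equal(expected, challenge) {
		return false
	}
	delete(s.challenges, user) // single use
	return ed25519.Verify(s.users[user], challenge, sig)
}

func main() {
	auth, pub, err := NewAuthenticator()
	if err != nil {
		panic(err)
	}
	srv := NewServer()
	srv.Register("alice", pub) // "alice" is a constructed sample user

	c, _ := srv.Challenge("alice")
	sig := auth.Sign(c)
	fmt.Println("challenge:", hex.EncodeToString(c))
	fmt.Println("fresh login accepted:", srv.Verify("alice", c, sig))
	fmt.Println("replayed signature accepted:", srv.Verify("alice", c, sig))
}
```

Run with `go run .`; the first Verify reports true and the replay reports false. The same shape underlies FIDO2/WebAuthn and certificate-based logins: what the server stores and what the network carries are both useless to an attacker without the authenticator itself.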
Going completely passwordless poses its own challenges for the organization. There are many authentication use cases that an organization must fulfill, ranging from building access to cloud application and mobile access. This range of use cases may require several authentication methods, which can be unruly to manage centrally. This is especially true when the divide between hardware tokens and app-driven multifactor authentication must be bridged.
Unified credential management can address some of these challenges. An interoperable platform that connects common identity providers (IdPs), standards, protocols, and often used authenticators can provide a single pane of glass to view and manage the many credential types in use across the organization. Approved authenticators can be enforced across the organization to ensure that a passwordless option is indeed being used by all employees. A self-service component can allow users to renew credentials themselves.
Axiad's cloud-based Integrated Authentication Platform, called Axiad Cloud, delivers enterprise-wide passwordless authentication. This single, unified solution spans multiple use cases, authentication methods, and identity types. Key modules of the platform include Unified Credential Management, User Authentication, Enterprise PKI, and Passwordless/MFA. Axiad is based in Santa Clara, CA, USA and was founded in 2010.