Whitepaper

Simplifying and Strengthening Authentication with Passwordless Desktop MFA

If a password is like a house key, the security foundation of an organization's IT systems should have a securely locked front door. Make the front door as secure as possible, and you may as well never need a house key again. By implementing more complex passwords, organizations end up wasting time, money, and resources on password resets while reducing workforce productivity. Secure application login is important, however the initial authentication point for most of the workforce is the laptop, desktop or workstation itself. HYPR provides a simple yet secure login with its passwordless and phishing-resistant MFA solution, which identifies the user at the desktop and makes the front door as secure as possible. As a result, your desktop MFA can be used to seamlessly and safely log into your device, enabling access to applications in real time.

Alejandro Leal

al@kuppingercole.com

Commissioned by HYPR

1 Introduction

To ensure that the right people have access to the right data and IT resources under the right conditions is perhaps the main security objective in an organization. Traditionally, passwords were supposed to add a protection layer to the overall security of IT systems. However, when an individual uses many password-protected services, memorizing unique passwords for each platform is impractical and time consuming. It is also relatively easy to defeat with minimal effort.

Passwords are problematic, risky, and managing them is a constant headache. Organizations often require employees to comply with a long list of requirements to ensure password safety. This leads to poor user experience, costly password resets, and password fatigue in workspaces where IT departments and employees are already overburdened and understaffed.

Adding multi-factor authentication (MFA) alongside traditional passwords only increases the burden on both employees and IT teams, and organizations often struggle to enforce its adoption by their employees. MFA consists of users gaining access to a website or application by providing two or more factors in order to be authenticated: something they are, something they have, and something they know. This usually comes on top of a password.

These other factors may include PINs, mobile SMS codes, and one-time passwords (OTP). While these are certainly better than passwords alone, determined hackers and cybercriminals can exploit account-recovery systems, intercept access codes, or use other methods to bypass MFA. This is what happened in the massive Solar Winds attack and the recent attacks by the Lapsus$ hacking group. The latter group gained access to victims through an overload of notifications and prompts via MFA applications. Despite the use of MFA solutions, individuals in organizations continue to fall victim to password-based attacks such as credential stuffing, credential theft, man-in-the-middle attacks, and phishing attacks.

Zero Trust should begin at the laptop, desktop or workstation, as this is where most users - and attackers - are entering your IT infrastructure

The spike in password-based attacks has coincided with the shift to remote and hybrid work and the deliberate targeting of remote workers. While a password-based MFA system may once have been effective enough, its viability in today's threat landscape is fundamentally diminished. As a result, many organizations are increasingly considering passwordless authentication methods that will achieve security assurance along with a consumer-grade, frictionless experience. Additionally, removing passwords reduces the help desk cost, which is significantly affected by the cost of resetting passwords.

Since the initial authentication point for most of the workforce is the laptop, desktop or workstation itself, it is essential to ensure security at the very beginning. Using a passwordless authentication solution that only works for applications and websites can leave your workforce vulnerable to serious security risks. It is evident that desktop authentication has become a critical component to the overall security posture of an organization. A passwordless authentication solution should offer a variety of secure authentication options for the desktops of an organization's workforce, ideally with the same login experience as apps.

HYPR provides true passwordless authentication that starts at the desktop and integrates with various Identity Providers (IdPs). With HYPR, organizations can protect their resources, eliminate credential reuse, and stop phishing attacks, and, at the same time, accelerate employee productivity. HYPR reduces your attack surface and delivers a seamless, frictionless authentication flow and user experience from desktop to cloud, including remote access points.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.