What Could a Passwordless Workplace Look Like?

Teju Shyamsundar
Senior Product Marketing Manager
November 30, 2018

Passwords have been a constant throughout our digital “coming of age”. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources. Passwords are so deeply ingrained into our web apps and accounts, it can be challenging to imagine operating without them.

The hard truth about coming of age, however, is there are some constants that you simply outgrow. Times change, and keeping afloat means adapting to them. Information security in the modern enterprise is no exception to this—you only need to read the latest data breach headline to realise the cyber world is a harsher place now than in the early days of the internet. That 81% of these data breaches involve stolen or weak passwords is a clear sign—to grow along with the digital age, we must leave passwords behind.

Earlier this year, we wrote a post to say that it’s finally time to say goodbye to passwords. Now, users, whether they realise it or not, may be ready to do so. Consider these findings from a joint report between Opus Research, Mastercard, and The University of Oxford:

  • Users have up to 90 online accounts
  • 51% of passwords are used at least twice by a given user
  • 21% forget passwords two weeks after creation
  • 25% of users forget at least one password per day

It’s easy to see how this negatively impacts the workplace. Users forgetting passwords on a regular basis add up to a lot of time spent frozen out of their accounts—and lost productivity. IT, meanwhile, has to devote hours of time to dealing with password resets at the expense of more pressing initiatives.

Passwords are the cause of these everyday disruptions. Here’s how the workplace could look without them.

Secure access guaranteed, from anywhere, at any time

Passwords are far from the best authentication factor to protect your accounts. Passwords as a form of security are based on what the user knows, which makes them too easy for users to forget—and for hackers to get ahold of. The issue here is that password-protected devices, networks, and systems have no way of knowing whether the right person has entered that password. They respond only to the correct credentials, not the correct context. IT admins can use contextual access management to cut passwords out of the workplace with Okta Adaptive MFA. They can design their organisation’s security policies to define what login contexts are considered irregular or not, and can choose to implement a range of authentication factors to replace passwords, like mobile authenticator apps like Okta Verify or U2F tokens.

This also improves the user experience. Users want to work remotely from the device and network of their choice, and IT can make sure they can do so securely by evaluating the device, location, and network they use to gain access.

Let’s take Jane, for example. Most of the time she works in her office in Los Angeles, occasionally from a local cafe next door. These locations and networks have been defined as safe by her IT admins, so all she needs to do to gain access to her work systems is tap a push notification sent to her phone—it’s access made easy.

However, now she’s flying to Manila for a week-long business trip. She hasn’t been before, and tries to connect to her work system in the hotel. Because this is such an unprecedented access request, her IT admins prompt her to login via biometrics on Okta Verify. Jane receives her access, and the system now knows that her hotel network in Manila is a safe and verified location. Moving forward, she can log in without an additional authentication step for the rest of the week, allowing her faster access to the files she needs to prepare for her presentation.

When it comes to sharpening the enterprise, there’s no such thing as a silver bullet—threats will always evolve, and processes can always improve. However, with the solutions in place to authenticate the identity every user, a passwordless workplace could be anywhere in the world.

Inspired to go passwordless? Find out how by reading our whitepaper, How to Go Passwordless with Okta.

Teju Shyamsundar
Senior Product Marketing Manager

Teju Shyamsundar is a Senior Product Marketing Manager at Okta, leading our Adaptive Authentication products. Prior to Okta, she worked at Microsoft and implemented enterprise mobility technologies across a large set of enterprise customers in various industries. Teju now works on driving the value of Okta’s adaptive MFA and Adaptive SSO capabilities across customers and partners. Teju holds a BS degree in Computer & Information Technology from Purdue University.

Tags

Passwordless Adaptive MFA Okta Adaptive Multi-Factor Authentication Okta Adaptive MFA
Previous
Next

June 24, 2021

User Management: An Afterthought for Some, Prerequisite for Others

By James Flores
You’ve just adopted a new service! Great! But no one is using it. Why not? It appears that no one has access to the application, so no one wants to create a…

Read now

July 17, 2020

What Is Provisioning and Deprovisioning?

By Mick Johnson
Provisioning is the process of making information technology (IT) systems available to users. Depending on your organisation’s needs, provisioning can be…

Read now

July 16, 2020

What Is Biometric Authentication?

By Swaroop Sham
Biometric authentication is a security process that compares a person’s characteristics to a stored set of biometric data in order to grant access to buildings…

Read now

July 7, 2020

What Is a Password Manager and Is It Safe to Use One?

By Daniel Lu
A password manager is an application that stores and manages online credentials—think of it as a type of vault that keeps passwords safe. In addition, password…

Read now

July 30, 2019

How To Protect On-Prem and Hybrid Cloud apps With Okta (Fast)

By Frederico Hakamine
Okta has always made protecting cloud applications easy; and with the introduction of Okta Access Gateway we extend that protection to on-premises applications…

Read now