We’re Looking at the Future, and It Doesn't Have Passwords

We’re rapidly moving towards the enterprise of the future—but what does that look like? It could be a place where employees have intelligent interactions with machines, or an environment where commuting becomes obsolete because we can show up to meetings as holograms. No one can say for sure what the future looks like—but based on today’s trends, we can make some educated guesses. The one feature I don’t see standing the test of time? Passwords.

Poor password hygiene—such as users regularly forgetting their login details and using the same passwords across multiple accounts—is more common than it should be. Our recent Passwordless Future Report indicates that 78% of employees use insecure methods to remember their credentials. This figure spikes to 86% for workers aged between 18 and 34—employees who still have decades ahead of them in the workforce.

These common shortcuts for managing login credentials make it increasingly simple for bad actors to access and exploit user accounts through data breaches and identity fraud. As such, organizations that want to secure their workforce have to seriously consider reducing their reliance on passwords—or getting rid of them altogether.

At Okta, we’ve been helping organizations do just that. Customers like Norwegian Refugee Council (NRC) and Dentsu Aegis Network are actively working towards streamlining and protecting user access in a world of developing security threats.

Going passwordless eases crisis situation management

Access management is mission-critical to the NRC. Its 7,000 humanitarian workers across 31 countries require seamless, secure access to applications and communication platforms in order to make quick decisions in crisis situations—often in highly remote regions. However, the organization had struggled to deliver necessary levels of aid due to government legislation that often censors internet use and bans VPNs, alongside the limited connectivity and unwieldy provisioning workloads of its on-premises infrastructure.

Turning to Okta’s identity platform enabled NRC’s employees to easily access all their core apps without compromising on security:

  • Users now log in through Okta Single Sign-On to access cloud apps such as Workplace by Facebook, Unit4 Web Client, and Kaya rather than accessing each application individually. This means they no longer have to worry about losing hours of work by getting locked out of a critical app.
  • Providing Adaptive Multi-factor Authentication (Adaptive MFA) on top of this helps NRC avoid the hassle of dealing with VPNs, which have previously eaten up 2,000 hours of IT maintenance time.
  • Okta’s Lifecycle Management boosted NRC’s productivity levels as employees no longer have to wait for access to applications. Okta’s solution automates user lifecycle management and revokes application access as soon as workers leave the organization, which hugely reduces the chances of a breach.

For the NRC, the case for going passwordless is clear. Not only does it improve the user experience, but it allows the organization to focus on delivering its mission-critical work to those who need it.

Reducing passwords simplifies company growth

Dentsu Aegis Network, a global media and communications agency, has been expanding its footprint through a series of mergers and acquisitions over the last few years. This approach to growth created numerous challenges for managing their user identities.

By the time the network reached 45,000 users in more than 130 countries with varying IT environments, its legacy systems weren’t up to the task of protecting them. As a result, its on-premises framework was expensive and IT spent a significant amount of time and budget on maintenance and troubleshooting.

Dentsu Aegis deployed Okta’s Identity Platform as part of its move towards becoming a cloud-first organization. This began with implementing SSO and Adaptive MFA to secure 15 core cloud applications, including Office 365, Workday, Tableau, ServiceNow, and Zoom, which reaped immediate benefits:

  • The company rolled out Adaptive MFA, choosing Okta Verify—Okta’s mobile app which prompts users to verify their identities by approving a push notification on their primary device—as their primary factor. This reduced their reliance on passwords and helped further secure their networks and applications.
  • The move to a cloud identity platform hugely simplified the task of enabling Dentsu Aegis employees to access work tools and applications from anywhere and on any device.
  • Okta’s Integration Network provides users with the choice of more than 6,000 applications, safe in the knowledge that each individual app is secure. Furthermore, IT rarely has to get involved in app provisioning, and the company faces less risk of security breaches caused by credential harvesting and password-based attacks.

What to keep in mind when going passwordless

As both the NRC and Dentsu Aegis have shown, there are a number of ways that organizations can minimize their reliance on passwords. When organizations embrace different authentication factors, they can start validating user identities more effectively—without the burden and risk introduced by passwords. These factors include:

  • Knowledge factors: PINs or passphrases
  • Proof of possession: Mobile authenticator apps (i.e., Okta Verify), hardware tokens, and one-time password (OTP) codes
  • Biometrics: Facial recognition or fingerprint authentication

By combining multi-factor authentication with a single sign-on solution, companies can secure authentication to all their enterprise applications through one access point. Across various industries, Okta’s modern identity solutions are helping businesses to enhance user experiences by incorporating these features and removing their reliance on passwords.

Regardless of what the enterprise of the future looks like, its success will be reliant on eliminating passwords from their processes. The NRC and Dentsu Aegis are prime examples of how moving towards passwordless can help businesses become more secure and provide employees the opportunity to focus on their critical tasks. Will you join them?

To learn more about the benefits of going passwordless, read our Passwordless Future Report.