“Cisco Duo simplifies the passwordless journey for organizations that wish to implement phishing-resistant authentication and undertake a zero belief safety technique.“ – Jack Poller, Senior Analyst, ESG
We obtained large participation and suggestions throughout our public preview, and we at the moment are excited to convey this functionality to our clients and prospects.
“Over the previous few years, we’ve elevated our password complexities and required 2FA wherever attainable. With this method, staff had extra password lock outs, password fatigue, and forgetting their longer passwords as a consequence of password rotations. With Duo Passwordless, we’re excited to introduce this characteristic to our staff to maintain our password complexities in place and leverage totally different Biometric choices whether or not that’s utilizing their cellular gadget, Home windows Whats up, or a offered FIDO safety key. The Duo Push for passwordless authentication characteristic is easy and simple and introduces a extra nice expertise total. Utilizing Duo’s gadget perception and utility insurance policies, we’re in a position to leverage and confirm the safety of the cellular units earlier than the gadget is allowed for use. To high it off, Duo is linked to our SIEM and our InfoSec group is ready to evaluation detailed logs and setup alerts to have the ability to hold every little thing safe.” – Vice President of IT , Banking and Monetary Companies Buyer
As with every new know-how, attending to a totally passwordless state might be a journey for a lot of organizations. We see clients usually beginning their passwordless journey with web-based purposes that help trendy authentication. To that impact, Duo’s passwordless authentication is enabled via Duo Single Signal-On (SSO) for federated purposes. Clients can select to combine their current SAML Identification supplier akin to Microsoft (ADFS, Azure), Okta or Ping Identification; or select to make use of Duo SSO (Out there throughout all Duo editions).
“Password administration is a difficult proposition for a lot of enterprises, particularly in mild of BYOD and ever growing sophistication of phishing schemes. Cisco goals to simplify the method with its Duo passwordless authentication that provides out-of-box integrations with common single sign-on options.” – Will Townsend, Vice President & Principal Analyst, Networking & Safety, Moor Insights & Technique
Duo’s Passwordless Structure
Duo gives a versatile alternative of passwordless authentication choices to satisfy the wants of companies and their use circumstances. This consists of:
- FIDO2 compliant, phishing-resistant authentication utilizing
- Platform authenticators – TouchID, FaceID, Home windows Whats up, Android biometrics
- Roaming authenticators – safety keys (e.g. Yubico, Feitian)
- Robust authentication utilizing Duo Cell authenticator utility
Irrespective of which authentication choice you select, it’s safe and inherently multi-factor authentication. We’re eliminating the necessity for the weak information issue (one thing you already know – passwords) that are shared throughout authentication and may be simply compromised. As an alternative, we’re counting on stronger elements, that are the inherence issue (one thing you’re – biometrics) and possession issue (one thing you have got – a registered gadget). A person completes this authentication in a single gesture with out having to recollect a fancy string of characters. This considerably improves the person expertise and mitigates the danger of stolen credentials and man-in-the-middle (MiTM) assaults.
Phishing resistant passwordless authentication with FIDO2
FIDO2 authentication is thought to be phishing-resistant authentication as a result of it:
- Removes passwords or shared secrets and techniques from the login workflow. Attackers can’t intercept passwords or use stolen credentials accessible on the darkish internet.
- Creates a powerful binding between the browser session and the gadget getting used. Login is allowed solely from the gadget authenticating to an utility.
- Ensures that the credential (public/non-public key) change can solely occur between the gadget and the registered service supplier. This prevents login to pretend or phishing web sites.
Utilizing Duo with FIDO2 authenticators allows organizations to implement phishing-resistant MFA of their atmosphere. It additionally complies with the Workplace of Administration and Funds (OMB) steerage issued earlier this yr in a memo titled “Transferring the U.S. Authorities In direction of Zero Belief Cybersecurity Rules”. The memo particularly requires companies to make use of phishing-resistant authentication methodology.
We perceive that getting the IT infrastructure able to help FIDO2 may be costly and is often a long-term challenge for organizations. As well as, deploying and managing third occasion safety keys creates IT overhead that some organizations should not in a position to undertake instantly.
Alternatively, utilizing Duo Push for passwordless authentication is a straightforward, price efficient to get began on a passwordless journey for a lot of organizations, with out compromising on safety.
Robust passwordless authentication utilizing Duo Cell
We have now included safety into the login workflow to bind the browser session and the gadget getting used. So, organizations get the identical advantages of eliminating use of stolen credentials and mitigation of phishing assaults. To be taught extra about passwordless authentication with Duo Push, take a look at our put up: Out there Now! Passwordless Authentication Is Only a Faucet Away.
Past passwordless: Enthusiastic about Zero Belief Entry and steady verification
Along with going passwordless, many organizations need to implement zero belief entry of their IT atmosphere. This atmosphere usually is a mixture of trendy and legacy purposes, which means passwordless can’t be universally adopted. A minimum of not till all purposes can help trendy authentication.
Moreover, organizations have to help a broad vary of use circumstances to permit entry from each managed and unmanaged (private or 3rd occasion contractor) units. And IT safety groups want visibility into these units and the flexibility to implement compliance to satisfy the group’s safety insurance policies akin to guaranteeing that the working system (OS) and internet browser variations are updated. The significance of verifying gadget posture on the time of authentication is emphasised within the steerage offered by OMB’s zero belief memorandum – “authorization techniques ought to work to include a minimum of one device-level sign alongside identification details about the authenticated person.”
Duo may also help organizations undertake a zero belief safety mannequin by imposing robust person authentication throughout the board both via passwordless authentication the place relevant or thought password + MFA the place obligatory, whereas offering a constant person expertise. Additional, with capabilities akin to gadget belief and granular adaptive insurance policies, and with our imaginative and prescient for Steady Trusted Entry, organizations get a trusted safety companion they will depend on for implementing zero belief entry of their atmosphere.
To be taught extra, take a look at the eBook – Passwordless: The Way forward for Authentication, which outlines a 5-step path to get began. And watch the passwordless product demo on this on-demand webinar .
A lot of our clients have already begun their passwordless journey. If you’re trying to get began as nicely, sign-up for a free trial and attain out to our wonderful representatives.
We’d love to listen to what you suppose. Ask a Query, Remark Under, and Keep Linked with Cisco Safe on social!
Cisco Safe Social Channels