Cisco Secure, which provides enterprise security, introduced passwordless authentication by Duo, which will allow enterprise users to securely log into cloud applications using security keys or biometrics built into devices.
Keeping passwords, while necessary, is a struggle. Even if there are password managers, the free subscription does not always have the same level of security of the paid ones.
Riding on the already existing Duo platform, the this passwordless authentication is part of Cisco’s zero trust platform, securing access for any user, from any device, to any IT application or environment. The product is designed to work on any infrastructure or device so enterprises can protect any combination of cloud and on-premises applications without requiring multiple authentication products or leaving critical security gaps.
“Cisco has strived to develop passwordless authentication that meets the needs of a diverse and evolving workforce and allows the broadest set of enterprises to securely progress toward a passwordless future, regardless of their IT stack,” said Gee Rittenhouse, SVP and GM of Cisco’s Security Business Group. “It’s not an overstatement to say that passwordless authentication will have the most meaningful global impact on how users access data by making the easiest path the most secure.”
Cisco’s Duo authentication is being used by more than 25,000 organizations globally.
With this new product, enterprises will be able to simplify and strengthen authentication for accessing cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers, by leveraging security keys and platform biometrics such as Apple FaceID and TouchID, and Windows Hello.
It can also pair passwordless authentication with Duo SSO and it will enable organizations to consolidate hundreds of passwords and authentications into one easy login for users to cloud applications.
Cisco Duo can provide one security tool for all authentication scenarios with Duo’s compatibility with hundreds of applications and identity providers, with no infrastructure change required.
The product is designed to reduce risk of password-related threats and vulnerabilities such as phishing, stolen or weak passwords, password reuse, brute-force, man-in-the-middle attacks, and password database compromise.
It can also add layers of security to the authentication with device health and behavior monitoring controls via Duo’s secure access product suite, further reducing risk in the event a biometric is stolen or not effective.
Duo can reduce administrative burden of password-related help desk tickets and password resets.
Cisco believes workforces are ripe for the adoption of passwordless authentication. Quoting the 2020 Duo Trusted Access Report, it said 80% of mobile devices used for work have biometrics configured, up 12% the past five years.
Duo passwordless authentication leverages the Web Authentication (WebAuthn) standard, based in asymmetric cryptography, enabling biometrics to be securely stored on and validated by the device, locally, as opposed to a centralized database. Duo helped drive WebAuthn’s ratification as an official web standard and adoption across platforms as a member of the World Wide Web Consortium (W3C) working group.
Duo passwordless authentication will be available for public preview sometime this year (2021).