Jan 27 2022

Take These 4 Steps to Get Rid of Passwords For Good

Drop the symbols and numbers and find a new way to verify identity on the network.

A steady stream of phishing and ransomware attacks in 2021 demonstrated that passwords aren’t secure enough to protect the modern enterprise. Passwordless authentication increases security, improves the user experience and provides administrators with deeper insight into user activity. Here are four tips to create and deploy this security method:

1. Deploy a Password Replacement Solution First

Before you can move away from passwords, you’ll need strong authentication technology in place. Microsoft Windows Hello for Business is a good option for organizations that rely upon Active Directory, as it incorporates a strong, hardware-protected credential that allows single sign-on to Active Directory, both on-premises and in the cloud.

2. Do a Risk Assessment to Develop Authentication Requirements 

Analyze the risk associated with each information system used in your environment to determine the probability and the impact of a potential breach. This will help you develop authentication requirements for each system commensurate with the level of risk it presents. It will also help you prioritize your work, focusing first on the highest risks.

3. Cut Down on the Number of Times Users Must Enter Passwords

Users are conditioned to enter their passwords dozens of times per day. Removing those requirements dramatically improves the user experience by allowing them to seamlessly move from system to system and gets them out of the habit of using passwords routinely. Once you’ve minimized the number of times that users encounter password prompts, you can transition to a truly passwordless environment.

4. Eliminate Passwords from the Identity Directory

This is the ultimate goal of a passwordless strategy, but you won’t be able to take this final step until you’ve modernized every legacy system that relies on password authentication. Once you’ve removed passwords entirely, you’re safe from password theft attacks because there simply are no passwords to steal.
