Authentication has Become Too Complicated
There was a time passwords and hardware tokens were the gold standard for secure login. Businesses had office drawers stocked full of RSA SecurID tokens. In the 2010s, smartphones took user authentication to the next level with new methods such as soft tokens, One-Time Passwords (OTP) or PUSH-based login using a mobile app. Duo Mobile was a great example of an app that displaced hardware tokens as a mainstream method for multi-factor authentication (MFA). As smart phones became ubiquitous across the enterprise the identity platforms saw an opportunity to merge MFA with their products. Soon enough everyone had a dedicated MFA app baked into their Identity suite. Today there are over 200 IAM vendors. For many users the drawer of RSA tokens has been replaced by a smartphone full of MFA apps.
Users Struggle with MFA Fatigue and Password Pain
Fast forward to 2020. Users have many ways to log in such as passwords, hard and soft tokens, OTPs, smartphones, wearables, Windows Hello, SMS, SamsungPass, Touch ID, Face ID... and the list goes on. The authentication landscape has become much more complex and businesses are finding it difficult to maintain a consistent user experience. Ask end users if they enjoy their login experience and you might hear complaints about password complexity, a sense of reduced productivity, and what some call “MFA fatigue.”
MFA has been commoditized and mandated in many places - yet most businesses still have a difficult time enforcing it for customers and employees. Remote work has reignited urgency for multi-factor security by exposing adoption gaps across desktop login, remote access and customer-facing applications. According to Mary Meeker’s 2019 Internet Trends Report, the number of websites supporting Two-Factor Authentication (2FA) had dropped to 52% - with friction being a key factor.
Businesses have more MFA options than ever before and yet they still have gaps in user adoption. The worst part? Everyone is still using passwords.
Remote Work is at an All Time High - and So are Credential Reuse Attacks
The number of Remote Desktop Protocol (RDP) ports exposed to the internet skyrocketed in April 2020 and hackers have taken notice. According to McAfee, the volume of RDP attacks is at an all-time high and continues to grow. The quantity of Virtual Private Network (VPN) users also increased more than 54% in 2020 - while MFA adoption remained relatively flat. The success of MFA adoption depends greatly on its usability. It’s no surprise remote MFA experiences are due for an upgrade.The problem is that passwords have always protected the front door. So what do businesses do when that front door is no longer under their control? They add layers on top of the password – creating friction and forcing users to log in multiple times throughout their day. That friction was tolerated when remote access was infrequently used by few members of the workforce – but not anymore. A remote-first workforce requires a new approach to authentication.
True Passwordless MFA disrupts that model and replaces it with a remote login experience that is fast, consistent, and easy to use.
3 Steps to a Passwordless Remote Workforce
1. Solve Your Desktop MFA Gap
2. Connect Web & Single Sign-On
3. Secure RDP & VPN Login