Passwordless Authentication: A More Convenient and Secure Alternative to Passwords (practical example on Azure AD) 

What is Passwordless Authentication?  

Creating, remembering, and periodically changing passwords is no fun. Passwords are an outdated and less secure method of authentication. A password alone no longer provides enough security, so it is often paired with another authentication method: in addition to entering a password consisting of lowercase and uppercase letters, numbers, and symbols, the login form asks you for a code that appears on your smartphone. Although more secure, MFA can be annoying when it disrupts your workflow. It seems that security does not go hand in hand with convenience. But is that really so? This article presents the concept of Passwordless Authentication.

Passwordless authentication combines convenience with security. Not using a password minimizes the possibility of its leakage. There is also no need to enter a dozen or so characters to access your data. You just need to use an application, hardware key, or another convenient method. 

Passwordless Authentication – a method of authentication that involves replacing a password with something you have, something you know, or who you are. Among other things, you can use the following to log in:  

• Biometrics – fingerprint, face scan, iris scan  

• Hardware keys – FIDO2  

• Phone app – Microsoft Authenticator, Google Authenticator  

• SMS  

 

Configuring Passwordless Authentication, using Azure AD as an example

Microsoft provides the option of passwordless login for Azure Active Directory users. The noteworthy login methods currently available are:

• Windows Hello for Business  

• FIDO2 hardware key  

• Microsoft Authenticator app  

• SMS  

• Phone call

 

However, before a user can make the login process easier, proper configuration is necessary.  

First, log in to https://portal.azure.com as a Global Administrator. Open Azure Active Directory and navigate to Manage -> Security -> Authentication methods -> Policies.  

 

Available authentication methods will appear. Select the desired solution (in this example, I will use the Microsoft Authenticator application). 

 

The “Enable” switch activates the authentication method. In the “Include / Exclude” fields, select who the policy will apply to. Under “Authentication mode”, select the Passwordless option. The “Configure” tab lets you customize the details of the Microsoft Authenticator notification (for example, displaying the location from which the login was made).

 

After completing the configuration, save it with the “Save” button. 
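To confirm that the saved policy matches the settings chosen above, the following added example (not part of the original article or of any Microsoft tooling) audits a policy document for the three choices made in the portal: method enabled, passwordless mode for every included target, and location shown in the notification. The sample policy is constructed, and its field names are assumed to follow the Microsoft Graph `microsoftAuthenticatorAuthenticationMethodConfiguration` resource, so check them against what your tenant actually returns.

```python
import json

# Constructed sample, shaped like the Microsoft Graph resource
# microsoftAuthenticatorAuthenticationMethodConfiguration (field names are
# assumed from that schema; verify against your tenant's real response).
SAMPLE_POLICY = json.loads("""
{
  "id": "MicrosoftAuthenticator",
  "state": "enabled",
  "includeTargets": [
    {"targetType": "group", "id": "all_users", "authenticationMode": "push"},
    {"targetType": "group", "id": "pilot-group-placeholder",
     "authenticationMode": "deviceBasedPush"}
  ],
  "excludeTargets": [],
  "featureSettings": {
    "displayLocationInformationRequiredState": {"state": "default"}
  }
}
""")

# Modes that permit phone sign-in without a password.
PASSWORDLESS_MODES = {"deviceBasedPush", "any"}


def audit_authenticator_policy(policy):
    """Return findings where the policy differs from the walkthrough settings."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append("method is not enabled")
    targets = policy.get("includeTargets") or []
    if not targets:
        findings.append("no include targets: policy applies to nobody")
    for target in targets:
        mode = target.get("authenticationMode")
        if mode not in PASSWORDLESS_MODES:
            findings.append(
                f"target {target.get('id')}: mode '{mode}' does not allow passwordless")
    features = policy.get("featureSettings") or {}
    location = features.get("displayLocationInformationRequiredState") or {}
    if location.get("state") != "enabled":
        findings.append("login location is not explicitly shown in notifications")
    return findings


if __name__ == "__main__":
    for finding in audit_authenticator_policy(SAMPLE_POLICY):
        print("FINDING:", finding)
```

On the constructed sample this reports the `all_users` target left in push-only mode and the location setting left at its default rather than explicitly enabled.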

 

Configuring Passwordless Authentication in the Authenticator app  

With this configuration, passwordless authentication requires the user to install the Microsoft Authenticator app and sign in to it with a work account. Phone sign-in must also be enabled in the application settings:

 

Passwordless Authentication in practice  

Successfully configured authentication looks like this: 

1. The user logs in to the office.com portal.

2. When asked for a password, the user chooses the option to log in with the app.

3. A number is displayed.

4. The Authenticator app displays a notification in which the above number must be entered. After correctly completing the form, the user is logged in.

 

According to the earlier configuration, the notification shows the login location. 

Summary 

Passwordless Authentication is a much more convenient and secure solution than passwords, although at the moment it coexists with password-based login. Even though the user doesn’t have to use a password to log in, that doesn’t mean passwords no longer exist. It is very likely that in the future we will completely get rid of passwords in favor of other authentication methods.
