Passwords have long plagued the workplace. Not only do they continue to be a source of frustration and inefficiency for employees, they are also a significant security risk to organizations. Because passwords are the root cause of 80% of data breaches (according to the Verizon Data Breach Investigations Report) and the culprit behind hours of lost productivity every month, investing in technology that is more secure than a traditional username and password while eliminating password frustrations is just smart.
What is “passwordless”, exactly?
Going “passwordless” in your organization means enabling your employees to securely authenticate into their work without having to type a password. Passwordless authentication introduces new ways for employees to efficiently and securely gain access to work resources, without relying on a traditional username and password. Behind-the-scenes authentication protocols like SAML are used to verify a user’s identity, and access is seamlessly granted.
Without a password to remember and enter for every account, there are no more account resets, password reset requests, or manual password rotation. IT costs are reduced as valuable time is freed up to focus on other priorities. Employees are more productive because they can more quickly connect to the resources that help them do their job, without disruptions to their workflow. By relying on authentication technologies that remove the password (and all its weaknesses) from the verification process, security is strengthened organization-wide.
What is Single Sign-On?
There are, of course, several technologies that can help organizations achieve a passwordless experience. One of those is Single Sign-On, or SSO.
SSO does what it sounds like: It gives employees a single login to connect them to their work resources. The employee simply remembers one password to their SSO portal and is then able to access the SSO applications assigned to them. When the employee launches the resource they want to log in to – whether a cloud app, mobile app, or other service – the SSO provider authenticates the user behind the scenes. The employee bypasses any username and password, and simply gets to work – providing a passwordless employee experience.
For example, let’s say your company is using Workday for HR management. With SSO in place, an admin would simply configure Workday (a service provider) to recognize your SSO service as the identity provider. Once configured, you can decide which employees (global, specific groups, or individuals) should have access to Workday, and assign those permissions in the SSO provider. To access Workday, the employee simply needs to be logged in to their SSO portal, where they can click on the Workday app to launch and access their Workday account.
In that way, SSO eliminates account passwords, and offers a passwordless employee experience for all work apps and resources. By removing insecure passwords from the authentication process, IT can also expect greater overall security. IT also gains greater control over and insight into user access behaviors.
Going passwordless with SSO
In the past, SSO solutions provided limited coverage of services, meaning many employees still had to remember dozens of usernames and passwords for accounts that weren’t supported by SSO.
With an extensive app catalog and integration with password management, LastPass solves this problem by providing universal coverage of all logins across an organization. The employee has one password to remember, the one that unlocks their SSO portal, while LastPass does the rest. With LastPass, IT maintains complete control over user access, with the flexibility to customize based on user, group, or role.
Achieving a true passwordless experience, then, is often a matter of selecting and combining the right identity technologies to gain universal coverage across all logins in the organization. Single Sign-On is instrumental in removing passwords from the employee workflow while improving overall efficiency and security.