Passwords are frustrating to employees and create security vulnerabilities for the business. Both of these realities leave organizations searching for a more streamlined and secure way for employees to log into all of their work. Passwordless authentication helps eliminate both by securely authenticating employees into their work applications, without having to type a password.
Passwordless authentication does not necessarily eliminate the password from the IT infrastructure (in some cases it does!) but eliminates the need for the employee to manually type out a username and password for a secure login. There are multiple ways in which passwordless authentication works, a few examples being biometric authentication, single sign-on and federation. Passwordless authentication technologies ultimately create a secure connection between users, devices and applications behind-the-scenes so employees can enjoy a passwordless experience while IT has the assurance that employees are who they say they are.
How Biometric Authentication Works
Biometric authentication is a type of multi-factor authentication which uses who you are physically as the authentication factor – your fingerprint, face or even voice. For example, an employee logs into an application at work. The employee is first sent a push notification to their mobile device, which is the first authentication factor. The employee would then accept the push notification and authenticate with their fingerprint on their mobile device, this is the second authentication factor, which is biometric authentication in practice.
Biometric factors are unique to the employee themselves and can be a secure method to replace the password in the employee login experience. Biometrics do not eliminate the password, but serve as a secure, alternative method of logging in.
One of the most common examples of biometric authentication technology is Apple Touch/Face ID. The way Apple Touch/Face ID works is an employee would verify their biometric data on their mobile device by scanning and verifying their fingerprint or face. The biometric data would be stored locally on the employee’s device, and then would be encrypted at the device level. When the employee scans their fingerprint or face again for authentication, Apple Touch/Face ID will compare the fingerprint or face to the encrypted biometric data stored on the device to determine whether the two data sources match. If the data sources do match, the employee is authenticated and if they do not, the authentication is denied.
Biometric Delivers on UX, But Don’t Forget About Privacy
Biometric authentication delivers the simple, streamlined user experience employees want to access their work applications. It’s authentication by the touch of a fingerprint. However, when it comes to biometric authentication it’s critical the technology is built on a local-only encryption model. This means that biometric information is stored on the device itself, versus in the cloud, which helps ensure the biometric data remains private to the user.
LastPass Identity delivers a passwordless login experience for employees using biometric authentications across critical all work devices. Employees can authenticate with their fingerprint or face on their mobile device using the LastPass MFA application to authenticate into web apps, legacy apps and VPNs. In addition, the Workstation Login feature in LastPass Identity enables employees to authenticate into their workstations, both Windows and Mac, using the LastPass MFA application for a passwordless experience logging into their machine. LastPass Identity delivers the passwordless experience through biometrics that employees want, while maintain the privacy of the data that IT teams need.