Passwordless authentication is coming, and the time to prepare your company is now. If you're an IT professional, then you likely already know why going password[less] is going to benefit your organization. In the end, it will make your business more secure, and it will be easier for your employees, too. But implementing passwordless authentication is about more than making the necessary technology investments; you also need to set realistic expectations for adoption and be able to quickly respond when challenges come up. This way, you can ensure that your employees have the support they need to successfully go password[less].
1. Assess your current authentication tools and processes
Before implementing passwordless authentication, make sure you understand how everyone currently logs in. Are your employees hybrid, in-office, or completely remote? How are they authenticating? Does that authentication happen differently depending on where they are or what devices and operating systems they're using? Are they using company-provided technology, or do they participate in a Bring Your Own Device (BYOD) program? What about people you wouldn't consider employees, such as contractors, business partners, or volunteers? When, how, and from where do they log in, and what does that process look like? Do any of your users travel extensively, and if so, do they have special requirements concerning authentication?
Then, review your current authentication technologies, practices, and policies. Does your organization use passwords and multi-factor authentication? Are you taking advantage of biometrics like fingerprint identification and facial recognition? What about hardware keys? Are you already using a password manager to securely store employee passwords in an encrypted vault? Are there particular applications, systems, or tools that have additional authentication measures in place due to the sensitive data they contain, such as customer information or intellectual property? Or are there specific user accounts – for example, IT administrator accounts or the like – for which this is true? What kinds of security policies are currently in place, for example a password policy, and do any of them need a refresh now that you're introducing passwordless authentication?
2. Ask your employees what their current login experience is like
Do you know how your employees and other users feel about their current login experience? If you haven't already done so, it might be worth directly asking them – whether informally or in a survey – what happens when they try to get into their work accounts, if they run into any friction when doing so, and how they typically resolve any problems that arise. You may even choose to ask them point blank what it's like using traditional password-based authentication now and what would be better from their perspective. Their answers will tell you a lot about how they currently log into their accounts and whether they use the IT resources they've been given to solve their authentication problems.
While conducting this survey, you might even spot a couple of trends worth noting: for example, a group of users, such as remote employees, executives, people with privileged access, or people in a specific department or team, who have unique challenges or requirements you might not have known about. You can use these insights to make sure that all of your users have as smooth an experience as possible when your company transitions to passwordless authentication.
3. Identify where you can integrate passwordless authentication with your current tools
Next, look at your current tech stack and see where it makes sense to integrate passwordless authentication with what you have now. For example, if you already use biometric authentication, it may make perfect sense to take advantage of biometrics when you roll out passwordless authentication. Since your users are already familiar with that technology and some of them are probably using it in their personal lives too, the learning curve may be a little easier for them. If you already use LastPass to secure employee passwords, then you also have an advantage there since LastPass supports best practices in passwordless authentication such as FIDO2 compatibility. If you use hardware keys or plan to start using them, then they could also be integrated with your new passwordless solution, but you may have to account for the logistics involved in making sure everyone who needs a key receives one in time and has access to support if something doesn't work out as planned.
4. Do a pilot test of your new passwordless authentication solution
Once you've outlined how authentication works and determined where it makes sense to go password[less], consider doing a small pilot test of your new passwordless authentication tools and processes before rolling them out to the entire organization. This way, you'll be able to quickly discover what's working as planned and what isn't so you can make the necessary adjustments before impacting your entire user community.
If you conducted a user survey like the one mentioned in step 2, you may have already identified a few people who would make great beta testers. You might benefit from including tech-savvy folks as well as people who aren't so comfortable with technology. It might also make sense to include users who are remote-only, people with disabilities who use assistive technology, executives or privileged users with especially advanced security requirements, or other groups who have unique authentication processes for one reason or another. Use their feedback to address any potential implementation issues in advance.
5. Educate your employees on passwordless authentication
Help your employees understand what passwordless authentication is, why it matters, and how it will work at your company. You can provide them with a mix of educational resources, such as an in-person brown bag workshop, pre-recorded videos, live webinars, or cheat sheets. Also give some thought to the content of your training materials. If some of the users who responded to your survey indicated that they're tired of trying to remember all of their passwords, for example, you can explain how a password[less] approach will solve that common problem. During the pilot phase, you may have heard certain questions come up fairly often. Feel free to touch on them in your training. Any kind of technology change can make people anxious, especially if it involves how they log into their accounts, so make sure to tell your users exactly how they will be able to get help if they run into problems.
6. Get ready for a spike in user support requests
You're probably going to see an uptick in help desk tickets as you roll out passwordless authentication at your company. With that in mind, make sure you have a plan for supporting your users when your new passwordless authentication system goes live. If you've got users who are traveling or in different time zones, account for their needs, as well. Hopefully, you will already have a good idea of what to expect based on the results of your pilot test from step 4.
Prepare your employees for passwordless authentication
Passwordless authentication is coming, and it's going to make everyone's digital lives a lot better in the long run. That said, going password[less] is about more than adopting technology like biometrics or hardware keys. It's also about managing technology change and helping your users adapt to a new way of logging in. By creating a comprehensive plan for going password[less], you can make the transition much simpler for your users and ensure a greater chance of success with your password[less] initiative.