Web content filtering: The benefits to hybrid organizations

The main objectives behind web content filtering are accuracy, scalability, and maintainability and unless you have the right service provider working with your organization, these three objectives are going to be hard to meet.

It’s because the three are like cogs in the wheel, and every one of them counts. Accurate blocking makes scalability and maintenance difficult, while easily scalable and maintainable content filtering systems may not be as accurate. 

That’s why content filtering as a service is constantly evolving to address all of these issues and ensure enterprises have a multi-layered defense strategy in place against viruses, malware, phishing attacks, and so on.

First, let’s look at why your hybrid organization needs it

  • Managing compliance requirements:
    By blocking offensive or distracting sites such as social networking platforms and video streaming services on a corporate network you are improving employee productivity as well as ensuring you are managing compliance requirements.
  • Managing bandwidth:
    Web content filtering and YouTube category-based filtering enable organizations to track and regulate access to websites based on their content categories, it can prevent the use of high bandwidth sites like streaming sites that can reduce network performance.
  • Managing cyber threats:
    Web content protects the network by blocking sites that are high-risk, spam, and malicious websites, as well as preventing data leakage. Websites can be blocked by category. For example, websites that come under categories such as Social Media or Entertainment can be blocked.

So, why not just use a firewall, you may wonder.

Well, you can, but the firewall will naturally block particular websites based on defined rules, and that means you cannot allow sub-categories within the website to be whitelisted. For instance, say, a channel on youtube. If your firewall is set to block youtube, the site as a whole will be inaccessible.

The second reason a firewall may not be a perfect choice is that it depends on the internet connection, not on the user or device. And in this era of hybrid working, firewalls can be bypassed if users connect to their home internet.

What you want is to keep the company devices safe and protect them from the risk of compromise even if they access the net from an outside firewall.

Use content filtering the right way

Content filtering is a tool and like any tool, knowing how to use it correctly will help you accomplish your goal. The right service provider can help you navigate the realm of web content filtering.

Take Akku’s content filter for instance. It can be configured to whitelist and blacklist sites. Even within the whitelisted sites, like for instance, YouTube, the Akku filter allows specifically whitelisted channels or categories, blocking all the other irrelevant ones. Akku’s filter uses a proxy server to read each video’s metadata to only allow viewing YouTube content that is allowed, for instance, some reference data or upskilling resources. The filter also allows you to restrict employees by user category defined on Akku’s identity access management solution.

In the hybrid work environment, content filtering by user works better than a firewall internet connection-based content filtering. It’s also helpful for companies too small to invest in on-prem firewalls.

Akku’s dedicated sales specialists are always ready to help with any information you need on content filtering. Contact us to find out more.

The simpler way to manage Remote Employee Onboarding

When onboarding new employees, it’s important to keep the process as simple as possible. When all new user activity occurs in a single system, onboarding, especially remote onboarding, becomes seamless and effortless.

If your onboarding system is integrated with Akku, or if you use Akku itself as the onboarding system, this system becomes the first point of engagement for the user with the organization. Every step of the onboarding process is guided by this tool. Since it collects all the user data requested at the very beginning of the interaction with the new employee, Akku becomes the single source of truth for the entire career journey of the employee.

The onboarding process

Once the employee has been recruited, they are instructed to create an Akku account using their personal email address. A website link is then sent to the employee’s personal email id. Upon clicking on this link, the employee is led to a portal where they can begin onboarding by requesting their new corporate credentials.

Once they receive their new credentials, users log on to the same system using their corporate email address and password. On the same landing page, they see the list of guidelines to be followed, documents to be submitted with deadlines, date and location of reporting, how and what to do upon joining the organization, and more. All details are shared in a single window, often including a downloadable offer letter.

A single source of truth

Since the onboarding process for all employees is undertaken through a common digitized system, Akku becomes a ‘single source of truth’ for all information related to each employee. 

This makes onboarding seamless from the documentation perspective, as the new employee has to upload documents to a single location, and all departments involved can access them directly, as and when needed.

Similarly, since provisioning happens through Akku, access to all relevant software and other digital assets is also granted effortlessly through a single application. Not only is provisioning seamless, but authorized managers across departments can also view details pertaining to the new employee via Akku’s dashboards, as it is the single source of information about the new team member.

Remote onboarding 

This kind of single-window onboarding is extremely valuable to employees working remote or hybrid, as most of their interaction with the organization will be virtual. An efficient onboarding process makes a great first impression. It shows that as an employer, you consider employee support to be a tech priority.

Much of the Know Your Employee (KYE) documentation can (or sometimes, should) be completed before the employee actually joins the organization. Since the portal is open at any time and can be accessed from anywhere, remote document collection (in the form of soft copies) is seamless. This is especially important and useful for employees working remotely, as they may not be located in the same area as your office and could need to travel to visit the office to submit hard copies.

Similarly, since employees are also offered virtual orientation, knowledge transfer and access provisioning, remote onboarding becomes easier.

Benefits to remote employees

  1. Seamless documentation: As discussed earlier, since Akku is a single source of truth, all documentation takes place virtually through the portal itself.
  2. Seamless provisioning: As an Akku-based onboarding system of this kind is a single source of truth in the organization, employees do not have to go outside the system to upload data and documentation about themselves, nor to access relevant information, knowledge, or relevant assets.
  3. Seamless knowledge transfer and training: Akku is integrated with a communication system to push messages and communiques to users. Using this tool, orientation, knowledge transfer and initial training can take place through the system itself.
  4. Seamless reporting: The same tool provides user activity monitoring as well, for the duration of onboarding and orientation, since it tracks the progress of the new employee through the predefined process. Akku can directly intimate HR, reporting manager and head of department regarding the progress of the employee through the KYE process via the system dashboards.
  5. Seamless identity management: Since Akku is a full-fledged IAM, the new employee can directly be provisioned with access to all required software and other assets through Akku itself. At the same time, account credentials for single sign-on (SSO) can also be directly generated.

Automated, single-window onboarding for remote employees makes the process significantly more efficient, especially for large enterprises with a huge number of employees joining per day. Single-window reporting is also a feature that smaller businesses find extremely useful, as it makes user management much more efficient for small HR teams. 

Wondering how to make your onboarding process more efficient? Take it digital with Akku. Contact our team today to discuss how to get started.

Identifying Training Opportunities and Boosting Productivity with a User Activity Monitoring (UAM) tool

User Activity Monitoring tools (UAMs) have a bad rep, with many employees believing that they are used by employers for the sole purpose of spying on them. While this may actually be true in some cases, there are so many ways that a UAM can be of real value to an organization – for both the management and the employees. 

Helping you to identify training opportunities for your employees is among the most important benefits that using a UAM can provide. Gallup found that “hope for career growth opportunities is the number one reason people change jobs today”. By offering training to your top talent, you can upskill them and prepare them for new roles and responsibilities.

Do your employees have the skills they need?

Gartner found that “58% of the workforce will need new skill sets to do their jobs successfully”. However, do you know which employees are up-to-date in their skills, and which ones need upskilling or reskilling?

Similarly, you recruit candidates with the skills and expertise that you require for the organization, but you may request your employee to take on slightly different tasks from time to time.

As a manager, you would ask the employee if they have the skills to take on the task. However, new employees or those being considered for promotion may not be comfortable with replying honestly in the negative.

In such a situation, what does the employee do?

What usually happens in such a situation is that the employee accepts the new responsibility and agrees to deliver within the defined turnaround time. They then log on to Google to find out how to perform the task!

The worst part is that as management, all you know is that your team member is not meeting their commitments. You may think they’re lazy or inefficient. There’s a tendency to put more pressure on them, resulting in unnecessary stress and employee burnout.

Even if you have product management tools where the team logs time spent on different sub-tasks, they’re not likely to log research time. After all, they are trying to hide from management the fact that they lack the required knowledge or skills!

How can you solve this problem?

Use a User Activity Monitoring (UAM) tool to understand how the employees are performing. For instance, Akku’s UAM proxy reads users’ app activity, including which websites they are visiting and how long they’re spending time on sites like Google, Stack Overflow or Stack Exchange.

Akku then shares reports on the relevant data. By studying these reports, you can see which employees are spending an unusual amount of time on Google and other work-oriented research. You then understand that they need more training on specific subjects, and can plan reskilling accordingly.

Using a UAM right 

UAMs are often used by managers to snoop on their employees and penalize them for slacking or for time away from their device. As a result, employees try to work around the system to maintain their privacy.

A UAM is not about policing employees’ time – it’s about productivity. User activity monitoring, when it’s done right, is of great benefit to both employee and employer. Prioritize productivity by identifying skilling opportunities and delivering appropriate training content to your employees who need it, when they need it.

Work with Akku to implement UAM and improve organization productivity. Schedule a consultation with us for more information.

How does a true PAM work?

A Privileged Access Management (PAM) solution helps to secure and control privileged access to critical software and assets. Credentials and specific levels of access to various applications are provided through the PAM.

Usually, organizations implement PAM only for authorization and de-authorization of access to the apps. For instance, let’s say a new employee needs access to Gmail, Jira, and your CRM. Typically, organizations only provide access when the employee joins, and revoke it when he or she leaves. This can be done by a simple Identity and Access Management (IAM) solution – however, a PAM can do much more. (Quick side note: Akku serves both PAM and IAM needs.)

Here are some of the key functions that a PAM solution generally serves.

1. Assigning specific rights and access privileges

On each SaaS platform, what rights does each employee have? For example, take the CRM. Can they add and delete workflows? Is an individual user to be a super-administrator? Do they need to be allowed only to create contacts, but disallowed from editing or deleting?

Access may also be changed for the employee as they grow within the organization. When the employee is promoted, they may get additional responsibilities. For instance, a sales executive may not be allowed to edit contacts, but once promoted as a sales manager, this permission may become necessary. 

You need not go to the CRM to make these changes – you can do so directly from your PAM platform. An IAM and PAM tool (like Akku) will allow you to manage changes to access permissions such as these from a single dashboard, with a single click.

2. Deprovisioning access

The day an employee leaves an organization, the IT team usually uses their generic IAM to revoke access to all SaaS apps (Gmail and Freshdesk, for example). 

However, by doing this, only the IAM gateway to the app is deactivated: the license on the application itself remains. That means that the subscription charges continue on, as well, unless you go to the SaaS platform and delete the license there.

A true PAM directly deletes the license on Gmail or Freshdesk as well. It also follows the same exit procedure as that of the app itself. For instance, Gmail allows you to back-up email data to an email account of your choice before deleting the account. A professional IAM and PAM tool like Akku does the same, following the same laid-down process of the application.

By directly deleting the license on the application platform itself, you can be sure that you won’t waste money on subscription charges due to human error. This kind of automation is essential for enterprise-level customers. As they have a huge number of licenses, it is impossible to manually track the licenses in use and those no longer required. As a result, enterprises may realize that such a costly error has occurred only after subscription fees have built up! 

The PAM also prompts you when you’re not using a license, upon which you can delete the license through the PAM.

Akku is a customizable IAM and PAM solution with user-friendly features that can be configured based on your specific requirements. Our team is well equipped to help you implement PAM at your organization and get the most out of it. Let’s talk.

Think beyond Active Directory for hybrid working

In 2020, the pandemic had a major impact on security and cyberattacks. The year saw the highest number of data breaches and cyberattacks in decades. In India alone, more than 1.1 million cyberattacks were reported in 2020, almost three times the number reported in 2019.

The new norm of work-from-home, paired with the Great Resignation, made cybersecurity even more challenging for enterprises. There was a steep increase in staff turnover and that came with access and privilege requests – all to be administered remotely.

On-prem IAM solution

The traditional, on-premises model for cybersecurity was to implement a solution like Active Directory (AD). This identity and access management solution helped to regulate device and user authorization through password policies and account privilege policies.

Many organizations (approximately 90% of the Global Fortune 1000 companies, says Frost & Sullivan) for identity and access management. Active Directory works on the enterprise network to manage the organization’s devices based on company policies for software and content access, password creation and maintenance, and other security requirements.

It pushes these enterprise policies securely to all network devices. It offers several advantages, primarily control and fast access to information. However, implementation of AD infrastructure in an organization requires proper planning and investment, and that can prove expensive depending on how many systems are being managed. AD depends on the office network and is located in the server room on the office premises.

Working remotely with AD

When using an on-prem IAM solution like Active Directory (AD), users sign on to the single AD portal to access their data and applications. The only way to sign on to AD is via the organization network.

During the pandemic, enterprises suddenly moved to remote working – rendering the on-prem solution useless. Suddenly, users needed to log on to their network from a remote location, through a VPN. The investment in multiple VPN licenses would result in a huge expense, while free or open-source VPNs could lead to security vulnerabilities themselves! This also created an additional step in the log-in/access process.

In addition, since the AD infrastructure depends on the office network and is entirely located in the company’s server rooms, it requires on-premises monitoring and maintenance by at least two trained technicians.

Azure AD

Microsoft understood that these problems could be faced by pandemic-stricken users of AD, and recommends that in such cases, Azure AD (the cloud version of Active Directory) may be used. However, Azure AD is associated with high initial CAPEX and ongoing maintenance costs and requires training for the technicians to be able to manage it.

These expenses are hard to justify, for businesses that had already invested in AD – typically, AD costs a significant amount of time and money. Some small and medium businesses simply could not afford the fresh costs, and instead looked for workarounds that potentially resulted in new vulnerabilities.

So are your only options expense, operational difficulties, or potentially vulnerable workarounds?

Opt for customized IDaaS

With a custom IDaaS (Identity as a service) solution, you gain the flexibility and usability of Azure AD, at a cost that suits your needs. Service providers like Akku offer complete automation of the identity and access management function, on any device accessing enterprise assets, from anywhere.

On-prem is old-school; the future is the cloud. Consider a cloud-native IAM solution like Akku, that’s completely customizable to your requirements. It’s more cost-effective and hassle-free. Contact our team to learn more.

 

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

Do you need to restrict content for your employees? Or can you allow them complete and free access to the worldwide web? There’s simply too much information out there, which can result in distraction and lowered productivity. At the same time, too many restrictions can make your team feel suffocated!

It’s important to strike a balance between allowing your team to access the information they need or may need, and keeping your company’s reputation clean by blocking illicit, illegal or unnecessary material. 

Here’s a quick ready reckoner to help you plan your company’s content restriction strategy.

What content do you really need?

Let’s say your organization works in the e-learning space. Your team will need to use the internet to better understand some of the content inputs that they’ve received from their client. They’ll need to watch YouTube videos on how to create specific interactive elements. They may need to read technical papers on gamification and game-based learning, in order to stay updated and create content that will make an impact. They’ll also need to refer to material created by competitors, including promotional material put up by them on social media, to position the client’s product in the available learning gaps. These are essential content categories that the employee must be able to access.

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

What content might you need?

Many employees find that they are more effective if they work while listening to music. For their safety, it’s important to allow them access to the news and local weather updates. You could consider a midway solution by allowing access to audio-only music options, and restricting access to reputed news sites alone – and the amount of time that employees can spend on the site.

Perhaps the most controversial content category is viral social media. Would it help your team to be able to include the latest viral moment in the e-learning content, to keep it relevant and topical? If so, how do you allow access to viral content without losing employee productivity? Can you put a time cap on certain applications or websites? 

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

What content do you definitely NOT need?

Access to personal email is a security risk as much as a productivity issue. 

Entertainment content can waste a great deal of time and company bandwidth. 

Illegal or illicit material found on official systems and networks can also impact your company’s reputation.

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

Can this be controlled by blacklisting certain URLs?

No, unfortunately not! 

A lot of the video content your employees may need is on YouTube. So is a lot of the content that they don’t! Similarly, personal email may be accessed through the same URL as professional email. 

Not to mention that blacklisting thousands – or even millions – of URLs is simply impractical. A more refined solution is required.

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

Whitelisting specific content categories

The kinds of content that you want to allow your team to access depends on the kind of work your company does. Each category of employee will also need different kinds of content access. 

Open source content categorizations for websites and video streaming portals are available online. It is possible to restrict access to content – whether on YouTube or on the internet at large – based on this categorization.

This makes for a much more relevant form of content access control, with necessary content types remaining accessible while irrelevant content is blocked. This helps to save company bandwidth and unproductive employee time.

The Goldilocks Zone of Content Restriction: Not too wide, not too narrow, but just right

Wondering how to create content restrictions for your business? Allow our experts to help you. You can set up personalized content filters with Akku, a 100% customizable IAM.

 

Data Logging and Audit: The IAM advantage

One of the key functions of an effective Identity and Access Management (IAM) solution is data logging, to capture and store information about which users access what applications, and when. These logs can help to drive effective decision-making through auditing in three key areas – financial, security, and compliance. Here’s how.

Financial audits

Optimization of software licensing is an area where your IAM can play a role in financial auditing. 

Through the logs maintained by your IAM, it is possible to extract actionable insights on the actual usage of software licenses that your organization owns, and therefore the number of users actively using each application, and whether there is very low usage of certain applications.

This makes optimization possible by reducing the number of licenses for specific applications if they are in excess, and by dropping or retiring applications that are not being used.

It is important to note that most IAMs will only capture the base data that would feed such audits and analysis, and generally would not provide these insights within the platform. However, if you are working with a highly flexible IAM, such customizations should be possible to implement.

Security audits

Logging user actions can help companies improve security as it is a way for administrators to detect breaches early, and also analyze and provide verifiable evidence of the source of breaches.

An effective IAM solution would maintain detailed logs monitoring all access and activity on the organization’s apps, ensuring that there is no unaccounted access. This provides complete visibility into which users have accessed which applications, and when.

Security auditing verifies whether all documented protocols are being followed and assists in preventing and tracking down malicious activity. To maximize the security benefits of audit logging, logs should be reviewed regularly and often enough to detect security incidents.

Compliance audits

Compliance audits help to ensure the efficiency of compliance programs, to ensure that your organization achieves and maintains certifications and recognized standards, in turn leading to improved customer loyalty and satisfaction.

Your IAM can help to provide verifiable evidence of compliance with security, data protection, and privacy standards and laws. This is achieved through features such as multi-factor authentication and enforcement of strong password policies. Similarly, prompt deprovisioning of user accounts through a single sign-on (SSO) functionality, and dissemination of mandatory employee communications through the common platform of the IAM go a long way towards complying with statutory standards.

Compliance logs are also useful when it comes to following General Data Protection Regulation such as respecting employees’ right to be forgotten.

Are you making the most of the logs captured by your IAM to manage financial, security, and compliance audits at your organization? Unlock the value of your data, and take it even further with customized reporting and dashboards with a highly flexible IAM solution like Akku.

Flexible Identity: IAM solutions need to bend… a little at least!

In the world of Identity and Access Management (IAM), flexibility is the key to stability. While IAMs are not new, the threats that they are helping to protect against and the environment in which they are operating are constantly evolving. Adaptability is more critical than ever.

Negotiating this ever-transforming environment, enterprises need both flexibility and fit in terms of their identity and access management strategy. This means finding an ideal IAM solution that adapts and grows with your business, customers, workforce, tools, processes, and market trends. Your IAM needs to balance user-friendliness and security, or users tend to get frustrated and search for workarounds that can open up security vulnerabilities.

Rushing into a decision about your IAM without a fully-formed strategy can result in a solution that is so rigid it doesn’t solve your problems! An inflexible IAM that does not support your identity and access management needs, can negatively impact user experience and decrease productivity. Technology should enhance security goals, not compromise them. Opt for a flexible IAM solution.

What do we mean by flexibility? It is the ability to use the IAM in the way that you want, without being constrained by its own features.

Flexibility in authentication methods

A flexible IAM offers a wide range of strong and centralized authentication mechanisms that cover cloud and mobile assets, permitting you to set password policies with multiple multifactor authentication (MFA) options. Modern MFA solutions provide users with multiple options depending on the circumstances (for instance, a hard OTP token may be used when working offline). This ensures that while security is the priority, productivity is not compromised.

Flexibility in integration

Your identity provider (IdP) must integrate with your IAM. Identity providers, such as Azure AD, are third-party service providers that store and manage digital identities. Choose the IAM that integrates seamlessly with your IdP, and which integrates with and provides access to a large list of cloud, on-prem, SaaS, licensed, and custom apps. This gives you the flexibility to use any IdP and app, based on the merits, without being tied down by your IAM.

Flexibility in access management

A flexible IAM allows you to define proper access privileges and set custom device restriction rules, in order to balance security with usability. A central directory, for instance, can help to manage access rights by automatically matching employee job titles to locations and relevant privilege levels. Further, a flexible IAM system can be used to establish groups with privileges for specific roles thereby uniformly and securely assigning access rights. By making it easy to define access privileges, your IAM becomes more flexible and user-friendly.

Customization

With IAM solutions, one size does not fit all. Look for a solution that allows you to customize everything from number of users to MFA options to report customization and content restriction. The more you customize the IAM to suit your needs, the better the digital experience your company can provide to its workforce – and the greater the impact on the business and the bottom-line.

Akku is a cloud-based powerful identity and access management solution that is designed with SME/MMEs in mind and their ever-changing needs. Contact us today for a consultation.

Authentication, Authorization, Auditing: the Three Pillars of IAM

In an earlier article, we explored the 3 pillars of a Cloud Access Security Broker (CASB), with Identity and Access Management (IAM) being one of these pillars. In this blog, we dive deeper into IAM, and the key concepts on which it is built.

2021 saw the average cost of a data breach rising from US$3.86 million to US$4.24 million on an annual basis, according to the IBM Cost of a Data Breach Report 2021.

Data breaches are increasing. And your Identity and Access Management solution, or IAM, is your first line of defense. IAM secures, measures, monitors, and improves the security of access through a standardized process.

How does an IAM improve security? It offers three pillars of support: Authentication, Authorization, and Auditing.

Authentication

How do you map the correct users to gain access to the correct content, at the correct times? 

Authentication takes place whenever a user attempts to access the organization’s network or assets. Verified credentials serve as a passport that allows users to access data, systems, applications, and resources.

With data breaches becoming more common, user authentication is vital to security. Organizations are prioritizing advanced security through sophisticated additional authentication methods. For instance, your IAM would secure your access management with two-factor or multi-factor authentication by pairing a username and password with a key card or OTP token, a fingerprint, or facial recognition. Every user has unique credentials, and IAM authenticates the user data to confirm that the user is a member of the organization.

Using a strong password policy can also improve authentication security. Verifying whether your IAM allows you to configure and customize your password policy is essential in providing a comprehensive authentication process. 

Authorization

While authentication verifies the users’ identity, the authorization aspect of IAM is what grants the user access to data based on their identity and defined access rules. While the two are related, they are not interchangeable.

In a sense, authorization is the second step to authentication – think of a night club, where the bouncer allows you entry after checking your ticket stamp (authentication), following which another staffer inside decides if your stamp allows you access to every area of the club or restricts you to select areas (authorization).

In organizations, users are granted authorizations according to their roles. Proper authorization is important to prevent data breaches.

For secure authorization, follow the zero trust principle and provide minimum possible access to each active user and immediately deprovision ex-employees. These two steps ensure that the risk of data breaches caused by improper authorization or disgruntled employees is reduced.

Auditing

Auditing security configurations helps weed out redundancies within the IAM system, such as IAM users, roles, and policies that are not required, and make sure that all users are authorized and authenticated. It also helps secure the system by regularly monitoring who has access to critical enterprise assets.

Audits ensure that compliance requirements are met, incidents are responded to and taken care of within a defined period of time, procedures are streamlined, responsibilities are segregated, transparency and documentation are maintained. 

Audits can also help to understand employee or user contributions on a particular app or data sheet. This can also be used in version control. Knowing who last logged on to the document gives usable information in cases where data has been breached. 

Chinks in authentication, authorization, or auditing can result in a compromised system. Opt for a trusted IAM solution such as Akku, a major emerging player in the APAC region. Akku offers a plethora of customizable options to improve data security, standards compliance, efficiency, and productivity.

 

Passwordless Authentication 101: What it is, How you can adopt it, and Why it’s the future

To stick with passwords or to go passwordless is a million-dollar cyber security question. Resetting, remembering, and changing passwords regularly is not only frustrating but puts critical information at risk. But at the same time, have we reached a point where we can realistically remove passwords entirely from our authentication processes?

The drawbacks of passwords

Strong passwords are difficult to remember, and weak passwords are too easy to hack. Additionally, overuse of the same passwords across multiple platforms can result in breaches during credential stuffing attacks.

According to a report from LastPass, weekly time spent managing users’ passwords and login information has increased 25% since 2019. The report also says that 85% of employees agree that their organization should reduce the number of passwords required to be used daily. And according to Verizon data, 81% of data breaches involve weak, default, or stolen passwords.

What is Passwordless Authentication?

Passwordless authentication is user-friendly and secure and brings to the table reduced IT costs by eliminating password-related risks, increased productivity as employees save time remembering or updating passwords, and stronger security. In short, passwordless authentication is both convenient and secure.

Passwordless authentication relies on the same principles as digital certificates, on public and private keys. Think of the public key as the padlock and the private key as the key that unlocks it. With digital certificates, there is only one key for the padlock and only one padlock for the key. For passwordless authentication, a cryptographic key pairs with a private and a public key. A user wishing to create a secure account uses a mobile app to generate a public-private key pair, where the public key is provided to the system, and the private key is accessed from the user’s local device using an authentication factor such as an OTP. 

Here are some ways you can go passwordless

  • Single Sign-on or SSO
    It simplifies managing access and provides employees an easy and secure way to log in. Also, it allows IT to provision or deprovision access as needed. However, while SSO reduces the number of passwords required, it often demands a single password to access all applications. 
  • Biometrics
    Fingerprints, face, iris, voice, and other biometric parameters are used as they are considered more challenging to hack than alphanumeric codes. They are also convenient to use, as they cannot be misplaced, stolen or forgotten. 
  • Hard tokens
    They allow access to software after verification with a physical device. 
  • OTPs
    Users are asked to input the code sent to them via email or SMS. OTPs provide an additional layer to security and are more secure than static passwords. OTPs are often used as a second layer of authentication, but can even replace static passwords. 
  • Private keys
    An alphanumeric string is processed through an algorithm, to encrypt or decrypt data. 
  • Magic Links
    Users enter their email address in a form, and then an email is sent with a login link. 
  • Push Notifications
    Users receive a push notification on their mobile devices through a dedicated authenticator app for identity verification.

Passwordless authentication methods are compatible across most devices and systems. Plus, they’re virtually impervious to phishing and other common cyberattacks.

So, is passwordless authentication the future?

Passwordless methods offer both a more secure and a more convenient way to authenticate users. So the simple answer is, yes, they are the future.

However, considering how ubiquitous passwords are today, they certainly aren’t going to disappear overnight. So until passwordless methods gain in popularity, it’s important to continue to do all you can to ensure strong passwords to secure your applications and data.

Whether you are ready to take the leap to passwordless, or are looking for a way to make your password based authentication more secure, Akku can help you enhance security and productivity across your environment. Talk to us today to see how we can help.