This article has been indexed from The Duo Blog
Part of our Administrator’s Guide to Passwordless blog series
See the video at the blog post.
If you’re considering passwordless authentication for your organization today, you’ve probably been thinking for a while about a holistic authentication strategy. Passwordless is a leap forward on the path to a strong and usable authentication system, consisting of many individual steps that you must navigate.
Let’s start by reviewing the high-level phases of the passwordless journey:
Phase 1: Establish Multi-Factor and Identify Passwordless Use Cases
Multi-factor authentication has been a critical component of strong authentication systems for more than a decade. Hopefully, you’ve already got this one — but if not, there are countless products that can help you mitigate the threats of password-based single-factor authentication.
Phase 2: Consolidate Authentication Workflows
A typical company runs hundreds of applications. Managing each application’s authentication methods and security policies quickly becomes untenable for administrators at this scale. Rather than attempt to augment the security of each application individually, Phase 2 focuses on consolidating authentication workflows into a place where the majority of the authentication events can be centrally managed.
This may take the form of single sign-on (SSO) or federated portals through standard protocols like Security Assertion Markup Language (SAML) and OpenID Connect (OIDC). Even applications that aren’t web-based, such as SSH clients or remote desktop software, may be able to go passwordless by using a reverse proxy and client software that opens a passwordless web prompt. There are numerous products and services that will offer different exp
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Administrator’s Guide, Part 4: Phases of a Passwordless Rollout