Enterprises are slowly shifting away from enterprise password use and over to more secure alternatives. But IT leaders must build a security strategy beyond these measures.

Passwords have been used to gain access to computers since at least 1961, when an operating system at the Massachusetts Institute of Technology implemented the need for login credentials. Over the following decades, as threats have evolved, there have been seesaw-like reactions to adapting password tactics.

“In response to how criminals have changed their attack methods, we have encrypted passwords with ever stronger algorithms, hashed and salted them,” says Wolfgang Goerlich, Advisory CISO, Duo Security at Cisco.

Yet, the attacks continue to become more sophisticated to get around these measures. Meanwhile, employees are still using weak logins like “12345” or “password,” and storing their credentials on their desktops. In addition, many users often forget them, which is why password-reset requests are among the most common IT help desk tickets.

In recognition that the back-and-forth debate around passwords must stop, security leaders are slowly moving their organizations away from passwords and over to passwordless multi-factor authentication (MFA). However, the shift to passwordless security—while an important step in preventing threats—isn’t sufficient on its own.

The need for a comprehensive view

“There has to be consistency in how end-users authenticate and how administrators manage and protect the solutions, across hybrid and heterogenous environments,” Goerlich says. “We have to think about reducing user frustration, as well as streamlining security for our security teams.”

MFA requires two factors to log in—such as an SMS text, token, or a biometric key—which is an improvement. Yet it still has limits, Goerlich says.

“Each one of these extra factors adds cognitive load and potential confusion for the individual,” he says.
“As CISOs, we have to consider ways to make this consistent for users so they can develop muscle memory.”

The Zero Trust framework and adopting a Secure Access Service Edge (SASE) architecture provide a robust, connective security layer that enables organizations to provide consistent credentialing and login across hybrid IT infrastructures.

A Zero Trust approach establishes trust in every access request, no matter the user, device, or location. It balances secure access across the workforce, workloads, and the workplace, only granting access when trust is verified. It’s not a single solution, but rather a series of steps—including MFA—to address network security, application access, policy enforcement, and more.

Zero Trust and SASE work together to create a secure “bridge” across access and the edge—infrastructure including the cloud, the data center, or point of presence where traffic is secured and then forwarded. Access is predicated on identity, whether that’s an individual, device, application, or service.

The one mistake to avoid on the path to passwordless

An effective way to start down the Zero Trust and SASE path is through implementation of an MFA solution that grants passwordless authentication across all IT infrastructure.

For example, enterprises average between 100 and 300 software-as-a-service (SaaS) apps, depending on their employee base size, according to the 2020 SaaS Trends Report from Blissfully[1]. (It should be noted that this study was conducted pre-pandemic.)

So, it’s critical to protect both individuals and data in this cloudy environment. To help organizations achieve this, Duo passwordless authentication verifies users as they access cloud resources such as SaaS applications. The solution offers a consistent login experience, which ultimately increases user productivity.

“However, organizations shouldn’t make the mistake of thinking that because they’ve implemented passwordless that they’re done,” he says.
“Passwordless authentication cannot be simply removing the password. It must be increasing trust and control across every authentication. That’s where Zero Trust and SASE, which align standards and practices, can help improve overall security.”

Find out more about Duo passwordless authentication.

[1] Blissfully, October 2019, https://www.blissfully.com/saas-trends/2020-annual-report/