Remote work contributes to enterprise shift to biometrics, away from passwords

The range of fraud and access control risks that go along with remote work practices are leading enterprises to adopt biometrics as part of a layered approach to securing their assets, Nuance Chief Fraud Prevention Officer Simon Marchand writes in a Security Magazine editorial. A TruU customer win provides an example, while Hitachi ID and ThycoticCentrify have each upgraded their enterprise IAM offerings, and biometric YubiKeys have reached the market.
Only 19 percent of companies are planning to return to fully in-person working policies in 2021, according to PwC research cited by Marchand. The benefits of biometrics adoption for enterprise employee authentication go beyond making the home office secure from fraud, but extend even to improved worker efficiency by avoiding the waste of time associated with lost passwords, he argues.
Those that have yet to adopt biometrics appear to be taking unnecessary risks.
Even though almost everyone knows that password repetition is a risk, almost two out of three people do so, according to a new LastPass survey. Further, while 68 percent of respondents said they would create stronger passwords for financial accounts, only 32 percent would do the same for work-related accounts.
The findings generally align with a recent report from Thales suggesting that legacy technologies like VPNs are the first and sometimes only line of defense enterprises deploy to mitigate work-from-home risks.
Passwordless enterprise contract win for TruU
Stanley Black & Decker has selected TruU’s TruIdentitty Cloud to improve employee authentication experiences and eliminate passwords.
TruU will provide its technology for presence-based authentication to workstations with proximity and biometrics, behavioral biometrics-based continuous identification, and self-service tools to Stanley Black & Decker.
“It’s the strongest possible endorsement of our award-winning TruIdentity Cloud to have a global titan like Stanley Black & Decker join the ranks of our worldwide user base,” comments Lucas Budman, TruU co-founder and chief executive. “TruU enables companies like Stanley to completely eliminate the need for passwords, badges, tokens, rotating codes, and other forms of work-inhibiting authentication technologies. No other solution combines presence, biometrics, and behavioral identity in one engine, continuously adapting authentication as necessary to maintain security–all with zero user friction.”
Software updates from Hitachi ID, ThycoticCentrify
Hitachi ID has released version 12.2 of its Bravura Security Fabric for enterprise identity and password management with a new Web Session Manager for privileged access monitoring.
Other features included in Hitachi ID Bravura Security Fabric are Time Bound Role Assignment, SOX Compliance Reports, and an AD Password Protection Plugin.
The Bravura Security Fabric was launched a year ago to provide biometric identity and access management.
ThycoticCentrify has released a multi-factor authentication redirection capability to allow privileged users to perform authentication on behalf of other users.
The merged company’s MFA redirection capability previously supported only the Centrify app as a second factor, but now accepts all second factors supported by the Centrify platform, according to the announcement.
“In today’s enterprise environments, enabling MFA everywhere is no longer an option – it’s a required best practice,” explains Jason Mitchell, senior vice president of Engineering at ThycoticCentrify. “Many administrators use alternate administrative accounts that are more difficult for threat actors to obtain, but often they don’t have the same ease-of-use capabilities as their regular accounts. MFA redirection makes it seamless to use the same preferred MFA methods no matter which account they are using, resulting in a much better user experience as well as increased opportunities to apply this critical security control.”
Biometric YubiKeys reach GA
Fingerprint biometric hardware token for multi-factor authentication from Yubico have reached the market, a year after their launch was announced and two years after they were first previewed at Microsoft Ignite 2019.
Tokens in the YubiKey Bio Series, which supports FIDO2, WebAuthn and U2F authentication, as well as Citrix Workspace, Duo, GitHub, IBM Security Verify, Microsoft Azure Active Directory and Microsoft 365, Okta and Ping Identity, are available for $80 (USB-A) and $85 (USB-C).
Article Topics
access management | biometric security key | biometrics | digital identity | enterprise | Hitachi ID | identity management | Nuance Communications | remote authentication | Thales Digital Identity and Security | ThycoticCentrify | Truu | Yubico
Comments