Professional Documents
Culture Documents
Many businesses have already started their journey to break up with passwords and transition to
passwordless authentication with stronger credentials such as mobile authenticators, biometrics,
Windows Hello for Business, YubiKeys etc. But choosing the right credentials is just the first step in
the journey… what happens after you deploy your new tools? How do you ensure your workforce fully
adopts their new credentials and follows your security policies, without impacting their productivity?
Credential Confusion
63% 61%
of IT leaders of IT leaders
say remote work led say their main MFA
to an increase in challenge is user
credentials for users confusion
2
There’s currently no silver bullet for passwordless – businesses need to implement multiple
credentials if they want to secure all their use cases. This could include Windows Hello for Business
for login to windows and Azure AD enabled apps, a YubiKey for their MAC login, their Ping Identity app
on their phone, and even a PKI certificate for email signature. Remote work has led to an increase in
access across businesses, requiring new credential deployments for each use case.
As these solutions are managed in different places, this can become confusing for employees. Each
of these new credentials requires education on how it works, comes with its own platform or software
for management, and needs to be renewed eventually. When employees should be focusing on
creating value for your business, they’re instead getting distracted with searching through their
applications, downloading new software, and ultimately reaching out to the help desk with panic to
resolve their problems.
Access Denied
2 hours 40%
a week
the average employee
of help desk calls
spends waiting for IT are credential-
assistance from related
help desk
We’ve all gotten locked out before. Whether it’s because we misplaced our phone, forgot our PIN, or
just kept procrastinating on renewing a certificate… it’s inevitable. But as frequent as revoked access
is, it never seems to get easier for the user. Employees are left unable to access their system and must
either wait to try again or reach out to their IT team for help. If the help desk is busy, this could lead to
hours of downtime, causing frustration and keeping employees from their essential work.
As organizations move toward passwordless and deploy more credentials to their users, the more likely
it is that a user will misplace or forget to renew one of them. These increasing issues hurt more than user
productivity – emergency access is seen as one of the most vulnerable stages of authentication for
cyber-attacks. If your IT team sends temporary passwords to users to reset their system, hackers could
easily intercept these and gain access to the system. If you want to achieve complete passwordless, it
means no passwords no matter what the task, including these temporary passwords.
3
Worrying Workarounds
MFA is
52% #1 policy
of enterprises
say employees find employees are
workarounds in resistant to
their system complying with
These credential management issues and emergency access struggles lead to frustrated employees
unable to focus on their work. This is exacerbated by remote work – employees are now managing
new credentials for new platforms and systems without in-person assistance from their IT team. The
long wait times for help desk support lead many workers to second guess whether it’s worth using
new authentication methods at all. Passwords are painful, but figuring out how to deploy and manage
a new credential feels like more work to many people.
When sent a new credential like a YubiKey or a smart card, many employees procrastinate issuing
it, thinking it might be a time-consuming process that disrupts their workday. Be honest, we’ve all
clicked the “remind me later” button! However, this workaround to deploying MFA means they’re still
using their unsafe password. The same thing can happen when a credential or certificate needs to
be renewed – if an employee keeps ignoring it, they might revert to using passwords or will need to
reach out to IT to help.
So…. users are becoming confused and frustrated by new authentication methods. How does this
impact go beyond their experience?
Help desk productivity: These extensive credential issues are not just distracting end
users from their strategic work. The IT team becomes consumed by credential issues and
often must allocate additional employees and resources to the help desk to keep wait
times down. This means that the team doesn’t have as much time to work on their actual
projects or focus on modernizing other aspects of their IT infrastructure.
Return on investment: Transitioning to full passwordless authentication is a major
investment in time and resources that requires support from multiple departments. After
the research, planning, and implementation of the project is complete, you need to see
strong results. If employees are not adhering to your security policies or following MFA
best practices, then you won’t see the results you planned for.
Security threats: The biggest impact of these user issues is the threat to the security
of your business data. If employees are forgetting credentials or letting them expire
and requesting emergency access, these one-time passwords could be hacked. And if
employees are going one step further and find workarounds in the system to continue
using passwords… this could spell disaster. Passwords account for over 80% of data
breaches - if just one employee is still using them, the whole ecosystem is at risk.
4
It’s clear that users are the weakest link in your passwordless infrastructure. So how can you make
sure their authentication is both secure and simple to use? Can you empower them to adopt and
utilize passwordless authentication in the long term?
Simplify authentication for your end users by choosing a unified cloud platform that supports every
credential your business needs. This solution should integrate your current credentials and ensure
you’re securely authenticating every user on your network. If now deploying and updating credentials
all takes place in one portal, your employees will gain the independence to manage their own
credentials with little to no IT support. One platform for all your identity credentials.
For instance, imagine if Susan loses her YubiKey and gets locked
out of her account. Instead of searching for her YubiKey or
reaching out to the busy help desk for assistance, Susan
could head over to her co-worker Gary and ask him to
authenticate on her behalf. This is faster than going to IT
but highly secure.
5
For instance, when you send your users a new credential, instead of waiting and hoping they
have issued their credential, upon login you should prompt and redirect the user to the portal to
issue their new credential within seconds. By choosing an authentication platform that eliminates
user decision-making, adhering to MFA best practices is easier than ever. A user empowered
credential platform will ensure a user can’t enter and access the business system until they
have issued their credential and therefore removed their password restricted access. This would
apply to any authentication requirements, including credential renewals and updates. This offers
the organization complete assurance that all your employees are utilizing their passwordless
authentication and not finding workarounds.
It’s time to empower your users with authentication solutions that put their needs front and center.
By streamlining their credential management, giving them control of their emergency access, and
ensuring they follow company policies, your workforce will support your passwordless strategy in
the long run from anywhere in the world. You can gain peace of mind that your security policies are
followed and can let your workforce get back to doing business and creating value.
6
Empowered Emergency Access:
MyCircle is a delegated validation solution to enable users who are locked out of your system to be
authenticated by a trusted colleague in a face-to-face interaction.
• Achieve true passwordless: MyCircle eliminates vulnerable temporary passwords and instead puts
the trust back in your employees and their designated coworkers.
• Save IT resources: Put an end to employees calling help desk every time they’re locked out - with
MyCircle, even if employees have no IT background they can regain system access and improve
productivity for themselves and your IT team.
• Enforce policy: Enable policy driven emergency access, where IT administrators have control in
assigning designated coworkers within MyCircle, so you can operate with complete trust.
7
About Axiad
Axiad accelerates enterprises’ journey to passwordless authentication with its Axiad Cloud platform.
Whether you need to secure your employees, their online interactions, or your machines and devices,
Axiad makes zero trust simple and secure with PKI, MFA, and FIDO in one platform – Axiad Cloud.
Businesses can cohesively deploy and manage all the credentials required to eliminate passwords
including certificates, Windows Hello for Business, mobile MFA, TPM, hardware tokens such as YubiKeys,
smart cards, and biometrics. Axiad delivers complete trust across the identity spectrum with user-
centric solutions for credential issuance, lifecycle management, and emergency access from
anywhere. Axiad Cloud is trusted by Fortune 500 companies across healthcare, aerospace & defense,
energy & oil, transportation, finance, and more.
axiad.com