Centrify, a leading provider of Identity-Centric Privileged Access Management solutions, has announced that it is leveraging the FIDO2 Web Authentication API to allow passwordless authentication for administrators. With the new capabilities, Centrify clients can replace passwords with stronger authentication factors such as fingerprint or facial recognition, ensuring a frictionless user experience with a higher level of security. Enforcing FIDO2-based authentication for privileged administrator logins based on risk makes Centrify a single source of truth for privileged users to access and manage hybrid infrastructure, attaining stronger security balanced with more productivity.
FIDO2 is the latest set of specifications from the FIDO Alliance, allowing users to leverage common devices to easily authenticate to online services in both mobile and desktop environments. FIDO2 supports biometric methods like Apple’s Touch ID electronic fingerprint recognition, Apple Face ID facial recognition, and Microsoft’s Windows Hello, which enables Windows 10 users to authenticate to their devices, apps, online services, and networks with just a fingerprint, iris scan, or facial recognition.
Ultimately, FIDO2 makes security stronger and less disruptive because it can avoid passwords, which is badly needed given that 81% of security breaches involve weak, stolen, default, or otherwise compromised passwords, according to Verizon. Passwordless authentication ensures that login credentials are unique across every website, never stored on a server, and never leave the user’s device. This security model helps eliminate the risks of phishing, as well as all forms of password theft and replay attacks.
“Centrify’s support for the FIDO2 standard, along with our present multi-factor authentication and real-time analytics capabilities, now provides stronger authentication factors to affirm privileged user identities, greatly minimizing the risk of security breaches that might exploit weak, default, or stolen passwords,” stated Jeremy Stieglitz, Vice President of Product Management at Centrify. “The reality is that out-of-sync passwords can hamper worker productivity, interrupt IT operations, and compromise security. Our new biometric support adds an additional roadblock for attackers while eliminating barriers for administrators to authenticate without the need for passwords.”
Centrify has supported FIDO for years and is a member of the FIDO Alliance. In offering support for FIDO2, Centrify further allows organizations to move away from passwords, which are frequently the target for external and internal threat actors. Centrify has been using passwordless access to systems through ephemeral tokens as part of its Privileged Access Service for a number of years, and this support for FIDO2 further builds on the vision that passwords are the weak point in security. Using biometrics removes the risk of credential theft techniques and offers better alignment with NIST 800-53 high-assurance authentication controls. Centrify also leverages on-device authenticators that register new devices and tie them directly to the user’s identity. Once new devices are registered and authenticated, they can be used for multi-factor authentication.
For more information about Centrify Authentication Service, visit https://www.centrify.com/privileged-access-management/authentication-service/