User Security Goes Duo Passwordless at Cisco Live 2021

User Security Goes Duo Passwordless at Cisco Live 2021

In Security by Daniel NewmanLeave a Comment

User Security Goes Duo Passwordless at Cisco Live 2021

The News: Duo, the authentication service Cisco acquired for $2.35 billion in 2018, today announced its plans to launch a passwordless authentication service that will allow users to log in to their Duo-protected services through security keys or platform biometrics like Apple’s Face ID or Microsoft’s Windows Hello. The infrastructure-agnostic service will go into public preview in the summer. Read the full news story on TechCrunch.

Analyst Take: With security instances up and certainly garnering greater attention, the need to address all of the factors that are creating vulnerabilities is on the rise. Cisco purchased Duo, the Michigan-based cybersecurity company, in 2018 to expand its security capabilities, and this week’s announcement of its Passwordless offering brings Duo back into the spotlight. In short, nobody likes passwords, and efforts to harden passwords often creates behaviors that lead to self-inflicted wounds. Duo Passwordless takes a new approach that is becoming commonplace in our daily interactions with our mobile devices like biometric fingerprint and facial recognition.

Quick Overview of Duo Passwordless by Cisco

First of all, it’s noteworthy that this new security feature is infrastructure agnostic. The Passwordless feature allows users to log into cloud applications with one click using security keys or platform biometrics such as fingerprint or facial recognition built into smartphones and laptops. Both of these modalities for gaining access to cloud applications offer greater protection than typical password entry. Duo Passwordless authentication will be available for public preview this summer and generally available by the end of the year as part of Cisco’s zero-trust platform.

More on How Duo Passwordless Handles Authentication and Where it will be Used

Duo passwordless authentication uses the Web Authentication (WebAuthn) standard, which is based upon asymmetric cryptography. It’s important to recognize that this standard and Duo’s approach enables biometrics to be securely stored on and validated locally by the device. Duo has been a pillar behind the Web Authn standard and is a member of the World Wide Web Consortium, where it helped drive WebAuthn’s ratification as an official web standard.

From a use case standpoint, Duo’s first passwordless use case enables access to cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers by leveraging platform biometrics like TouchID, Windows Hello, and Apple FaceID, along with security keys. With the typical enterprise utilizing hundreds of SaaS applications, this enhancement can reduce threat surfaces and make secure access to these applications frictionless.

Before this announcement, Duo had additional security products that users could tap into to add extra security layers. This includes Duo’s secure access services such as device health and behavior monitoring controls. With these additional security layers, Duo users can further reduce risk if a biometric is stolen or ineffective.

Impressions of Duo Passwordless

People hate passwords, and enterprises are experiencing massive app sprawl that continuously adds threat surfaces to organizations. With security being top of mind more than ever, companies need to make apps and data more secure, but ideally without adding complexity or steps that will likely be ignored or underutilized. Duo Passwordless is addressing an interesting need and is hitting the market at an opportune time. I believe there is substantial upside for this line of solutions, which will help one of Cisco’s brightest revenue streams, which has been security.

Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.

Read more analysis from Futurum Research:

ServiceNow Intellibot Acquisition Another Step Forward in the RPA Arena — and an Exciting One

AWS’s Amazon Lookout for Metrics Solution Uses Machine Learning to Automate Business KPI Monitoring

Ericsson 5G Core Policy Studio — The Network Programmability Tool Key to 5G Innovation

Image: Cisco

 

The original version of this article was first published on Futurum Research.

Daniel Newman is the Principal Analyst of Futurum Research and the CEO of Broadsuite Media Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise. From Big Data to IoT to Cloud Computing, Newman makes the connections between business, people and tech that are required for companies to benefit most from their technology projects, which leads to his ideas regularly being cited in CIO.Com, CIO Review and hundreds of other sites across the world. A 5x Best Selling Author including his most recent “Building Dragons: Digital Transformation in the Experience Economy,” Daniel is also a Forbes, Entrepreneur and Huffington Post Contributor. MBA and Graduate Adjunct Professor, Daniel Newman is a Chicago Native and his speaking takes him around the world each year as he shares his vision of the role technology will play in our future.