Enterprise users by using Duo passwordless authentication can skip the password and securely log into cloud applications

Duo passwordless mobile UX

The passwordless authentication user experience from Cisco Duo Security on a mobile device. (Credit: Cisco)

Cisco Secure has unveiled passwordless authentication provided by Duo for accessing cloud applications through security keys or platform biometrics integrated into modern laptops and smartphones.

According to the enterprise cybersecurity company, by using Duo passwordless authentication, enterprise users can skip the password and securely log into cloud applications.

Cisco Secure, which is owned by Cisco, said that passwords are compromised easily and are not easy to manage. These make enterprises spend billions of dollars yearly.

Furthermore, requests for password resets make up a bulk of IT help desk tickets, leading to productivity loss for users, while also increasing support costs for the enterprises.

Cisco security business group SVP and GM Gee Rittenhouse said: “Cisco has strived to develop passwordless authentication that meets the needs of a diverse and evolving workforce and allows the broadest set of enterprises to securely progress towards a passwordless future, regardless of their IT stack.

“It’s not an overstatement to say that passwordless authentication will have the most meaningful global impact on how users access data by making the easiest path the most secure.”

A part of Cisco’s zero-trust platform, Duo passwordless authentication is said to secure access for any user to any IT application or environment, irrespective of any device.

The authentication product is infrastructure agnostic and ensures that enterprises can effortlessly protect any combination of cloud and on-premises applications. This is achieved by the product without needing various authentication products or leaving gaps in critical security, said Cisco.

The new product simplifies and bolsters authentication for accessing cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers.

It utilises Apple FaceID, TouchID, Windows Hello, and other security keys and platform biometrics.

By pairing passwordless authentication with Duo SSO, enterprises can consolidate a number of passwords and authentications into a single login for users to get access to cloud applications.

The Duo passwordless authentication also cuts down the possibility of password-related threats and vulnerabilities like phishing, reuse of passwords, stolen or weak passwords, man-in-the-middle attacks, brute-force, and also compromise of the password database.

The product makes use of the Web Authentication (WebAuthn) standard, based on asymmetric cryptography. This lets biometrics to be safely stored on and validated by the device, locally.

Cisco Duo Security advisory chief information security officer Wolfgang Goerlich said: “Passwordless is a journey requiring incremental changes in users and IT environments alike, not something enterprises can enable overnight.

“Duo can help enterprises transition their environments and workforces securely and minimise user friction while simultaneously increasing trust in every authentication.”

The new authentication product will be available for public preview starting from summer 2021.