Modern Authentication for Multiple User Journeys - Best Guidance

As organizations expand remotely and to the cloud, they need authentication that reaches all corners of a growing network, without incurring security burnout, to balance productivity with security. Modern authentication is a scalable solution that provides passwordless access, role-based permissions and cloud-capable validation, but how you implement it varies as widely as the user authentication journeys themselves.

What is Modern Authentication?

Modern authentication is the collective grouping of user identity and access management protocols that allow for “policy-based contextual access, based on risk assessments and passwordless identity validation.” Although it has been around for a few years already, the need for modern authentication has surged in a post-pandemic world in which hybrid and remote environments are the norm, and users need a way to access resources beyond the perimeter frequently, safely and in greater numbers than ever before.

Legacy authentication, like password usage, has two significant flaws. First, passwords are insecure and easily guessed. Second, they are built on a ‘yes/no’ basis, either allowing all access permissions behind a certain point (usually too many) or none of them. Modern authentication, in contrast, allows you to validate a user’s identity based on the user’s login context, combined with additional external inputs, and make that risk management continuous throughout the user journey.

Another key differentiator is the passwordless nature of modern authentication. By employing technologies such as policy-based access, Biometric PIN, and FIDO2, modern authentication skips unsafe password use in favor of multiple points of identity validation.

Modern Authentication for Multiple User Journeys 

However, when it comes to modern authentication methods, one size doesn’t fit all. The benefit of these methods is that they can suit multiple user authentication journeys, allowing you to safely give different users different levels of access without security burnout. 

To illustrate this point, check out our Authentication Discovery Adventure and see if you can customize the right personalized authentication journey for each end user. The trick is to ensure safety while avoiding fatigue, outdated protocols, or ‘user takes all’ access. 

Now, let’s examine how modern authentication can be used to craft an equally secure yet custom authentication journey for two separate cases.

Case Study One: Multiple Locations 

Julia is a surgeon with patients in multiple locations. Her job keeps her on the go, so a convenient, fast user experience is key to eliminating login friction. 

  • Shared desktop: Julia uses a PKI-based smart card to authenticate access.
  • Private laptop: At the clinic, multi-factor authentication (MFA) is a mandatory policy, but her laptop doesn’t have a smart card reader, so she uses FIDO on her personal device.
  • Shared tablet: At the hospital, she again uses a FIDO device to meet MFA requirements. 

Case Study Two: Multiple Terminals

Mike works at a car manufacturer and has to log into multiple systems throughout the flow of his day. 

  • Classified shared terminal: When logging a machine malfunction on the factory floor, Mike uses server-based pattern-based authentication to access the shared terminal in a hands-free environment. 
  • Critical operating system: Mike needs to access a special user interface to get log data on a robot. He uses certificate-based or FIDO authentication to access this critical operating system. 
  • Non-classified shared terminal: To review shift schedules, Mike uses PUSH OTP authentication to access the non-classified shared terminal in the break room.

‘Discover, Protect, Control’ 

Adopting a ‘Discover, Protect, Control’ policy is fundamental to ensuring a smooth authentication journey for every user, no matter the environment, technology or the number of systems.

Discover: Identify use cases for the different users in your organization and uncover their authentication gaps. Note all users, their roles and access requirements, the resources they need to access (and whether that access is critical), and the availability of those resources (location, cell network availability, device, etc.).

Protect: Now, you are in a position to defend the access permissions of your users. Do this by: 

  • Transitioning to a Modern Authentication protocol that is passwordless, policy-based and built on continuous risk assessment.
  • Offering your users choices for authentication; for example, PKI-based card, FIDO card and PUSH OTP.
  • Using step-up, conditional access, so that you only bother users with stringent login requirements when they are outside usually accepted parameters, such as in a different location or on a different device.
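
The step-up decision described in the list above can be sketched as a small policy function. This is an added example, not code from the article or from any vendor product; the assurance ranking, the `Baseline` and `Request` types and all sample device and location names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed assurance ranking (not from the article): phishing-resistant
# PKI and FIDO rank above PUSH OTP.
ASSURANCE = {"push_otp": 1, "fido": 2, "pki_smart_card": 2}

@dataclass(frozen=True)
class Baseline:
    """Devices and locations a user normally signs in from (constructed)."""
    devices: frozenset
    locations: frozenset

@dataclass(frozen=True)
class Request:
    device: str
    location: str
    critical: bool        # is the target resource critical?
    presented: str        # method the user has already completed
    supported: frozenset  # methods this device can actually perform

def evaluate(req, base):
    """Return (decision, acceptable_methods, reasons)."""
    reasons = []
    if req.device not in base.devices:
        reasons.append("unfamiliar device")
    if req.location not in base.locations:
        reasons.append("unfamiliar location")
    if req.critical:
        reasons.append("critical resource")
    # Any risk signal raises the bar; otherwise the low-friction method is enough.
    required = 2 if reasons else 1
    if ASSURANCE.get(req.presented, 0) >= required:
        return "allow", [], reasons
    # Offer only stronger methods that the device can perform; if there
    # are none, fail closed instead of silently accepting the weak factor.
    options = sorted(m for m in req.supported if ASSURANCE.get(m, 0) >= required)
    return ("step_up" if options else "deny"), options, reasons

# Constructed baselines modelled on the two case studies.
JULIA = Baseline(frozenset({"clinic-laptop"}), frozenset({"clinic", "hospital"}))
MIKE = Baseline(frozenset({"breakroom-terminal", "robot-console"}),
                frozenset({"factory"}))
```

The `deny` branch matters in practice: a device that cannot perform any sufficiently strong method should be refused for that resource, which is the kind of gap the Discover step is meant to surface before rollout.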

Control: Maintaining your identity and access management is vital as your needs, applications and roles expand in the cloud. Invest in scalable solutions so you can add new services, adjust policies and stay agile as your authentication needs grow. 

Modern authentication handles the challenge of securing a growing attack surface and avoids security burnout, providing secure access for whatever your user authentication journey may be – no matter where or how many there are. 
