*Note: Originally shared in October 2022 at the time of Kraft Kennedy’s shift to a passwordless environment. We are reporting back one year later to include a note from CIO Marcus Bluestein: “It has been a year since the transition at Kraft Kennedy and we have had fantastic results including increased security posture and improved user experience.”*
Original Post: October 18, 2022
Here’s a radical idea: What if users didn’t need to know their passwords? Kraft Kennedy is in the process of a watershed transition to a passwordless environment. Users still log into remote access, laptops, and web applications, but will no longer need to know their account password. In addition to increasing efficiency, a passwordless environment represents a huge leap forward in our security.
If users do not know their account passwords, how can they log into Windows?
We use Windows Hello and require multi-factor authentication (MFA) everywhere:
- The first-factor options we provide to users are all Windows Hello-based, including facial recognition, fingerprint, and PIN.
- For second-factor authentication, we provide users with a variety of options. In addition to the Windows Hello options, our second-factor options are even more creative and still provide a simple login experience. One notable option is a paired and connected mobile phone: your phone can only be paired with your computer if both your computer and your mobile phone are unlocked and in your possession. The other factor we set up is the physical connection to an office LAN or office WiFi.
How will our users log into single sign-on (SSO) applications?
- We use the Microsoft Authenticator and its passwordless login feature. The process is very user-friendly and even lets the user know where in the world the authentication request occurred. A location 3000 miles away would be a red flag.
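
The location red flag described above can also be checked automatically against sign-in records. The following is an added example, not Kraft Kennedy's or Microsoft's code; the event fields, thresholds, and sample events are constructed assumptions. It goes beyond a fixed distance by flagging requests whose implied travel speed from the user's last trusted location is not physically plausible.

```python
import math
from datetime import datetime

EARTH_RADIUS_MILES = 3958.8
MAX_MPH = 600      # assumption: faster than an airliner is not real travel
MIN_MILES = 50     # assumption: ignore IP-geolocation jitter within a metro area

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_MILES * math.asin(math.sqrt(h))

def flag_requests(events):
    """Return (user, city, miles) for requests the user could not have made,
    given where and when their last unflagged request came from."""
    baseline, flagged = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = baseline.get(ev["user"])
        if prev is not None:
            miles = miles_between(prev["loc"], ev["loc"])
            hours = (ev["time"] - prev["time"]).total_seconds() / 3600
            mph = miles / hours if hours > 0 else float("inf")
            if miles > MIN_MILES and mph > MAX_MPH:
                flagged.append((ev["user"], ev["city"], round(miles)))
                continue  # keep the baseline: a flagged origin is not trusted
        baseline[ev["user"]] = ev
    return flagged

def _ev(user, city, lat, lon, hhmm):
    h, m = map(int, hhmm.split(":"))
    return {"user": user, "city": city, "loc": (lat, lon),
            "time": datetime(2022, 10, 18, h, m)}

# Constructed sample sign-in requests (not real log data).
EVENTS = [
    _ev("alice", "New York", 40.7128, -74.0060, "09:00"),
    _ev("alice", "London",   51.5074,  -0.1278, "09:20"),  # far away, 20 min later
    _ev("alice", "New York", 40.7128, -74.0060, "09:40"),  # genuine user again
    _ev("bob",   "New York", 40.7128, -74.0060, "08:00"),
    _ev("bob",   "Boston",   42.3601, -71.0589, "13:00"),  # plausible 5-hour trip
]

if __name__ == "__main__":
    for user, city, miles in flag_requests(EVENTS):
        print(f"RED FLAG: {user} request from {city}, {miles} miles from last location")
```

Because a flagged request does not update the baseline, the genuine user's next sign-in from their usual location is not flagged in turn.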
What are the other benefits of adopting a passwordless environment?
- Password phishing attempts are no longer a concern.
- There is no password to remember or to change, ever!
- Brute-force attacks are rendered ineffective. According to this password security calculator, a Kraft Kennedy user password would take 54 trillion trescentillion years to crack!
Let us know if we can help.