Latest Research

INDUSTRY COVERAGE
Apr 24, 2024

Create an Exponential Impact on Hospitality With Service Robots

Revolutionize hospitality through robotics..
INDUSTRY COVERAGE
Apr 22, 2024

COPS Business Reference Architecture

Business capability maps, value streams, and strategy maps for community-oriented policing services (COPS)..
APPLICATIONS
Apr 19, 2024

The AI Advantage for Smarter Marketing – A Primer

AI-powered marketing: Unlocking the power of AI to analyze, predict, and personalize your content..
INDUSTRY COVERAGE
Apr 18, 2024

AI and AI-Related Use Case Library for Community-Oriented Policing Services

Unlock value-driven AI use cases to transform your organization..
INDUSTRY COVERAGE
Apr 18, 2024

Responsible Use of AI in Policing

Key initiatives to ensure the responsible and ethical use of AI in policing..
INDUSTRY COVERAGE
Apr 18, 2024

Overcome the Barriers to Enable Exclusive Premium Experiences

Info-Tech Research Group & Association of Luxury Suite Directors (ALSD) 2023 Survey.
INF & OPS
Apr 17, 2024

Maintain Continuity in a Power Outage

Avoid chaos when the lights go out. .
APPLICATIONS
Apr 17, 2024

Generative AI Use Cases for Marketing, Sales, and Customer Service

Leverage Gen AI technology to drive sales and retain customers by creating personalized content..
INDUSTRY COVERAGE
Apr 17, 2024

Integrate Biomedical Device Management With IT

A programmatic approach to enhancing security, efficiency, and collaboration..
INDUSTRY COVERAGE
Apr 17, 2024

Fast-Track Your DERMS Business Case

Speed up the process to justify the need for a distributed energy resources management system (DERMS) solution..
See all new content

This content is currently locked.

Your current Info-Tech Research Group subscription does not include access to this content. Contact your account representative to gain access to Premium SoftwareReviews.

Contact Your Representative
Or Call Us:
1-888-670-8889 (US/CAN) or
+1-519-432-3550 (International)

Comprehensive software reviews to make better IT decisions

Home > Research > My Passwordless Experience: Is This the Right Time to Make Your Move?

My Passwordless Experience: Is This the Right Time to Make Your Move?

Is now the right time to go passwordless?

In June 2023, I decided to remove the password on my personal email account and the one used to log-in to all of my devices. Did I wait too long? Am I too optimistic this will work without issue? Are there kinks that still need to be worked out? I recently attended Identiverse 2023 and got a FIDO2 hardware token intending at some point in the future to go passwordless. Why wait though? I was pumped up with all the passkey and passwordless sessions I attended and was eager to try this out and share my experience.

My journey starts with a pair of Thales SafeNet eToken FIDO hardware devices. Some devices are NFC, which make it convenient to interface with other types of devices, but as I found out, in some cases this becomes a necessity. These hardware tokens are USB-C, but not all my devices have a more recent USB-C port. Lesson learned, and a couple of extra hoops to jump through for sure. I think an NFC alternative, like the Yubico YubiKey 5 or the USB-A version of this hardware token, would have made it an uneventful experience.

So off I went to manage my Microsoft account.

In the Security portion of account management, I was able to see the ways I could prove who I was. Here it was a matter of removing the less optimal authentication methods and adding my new secret key.

I selected add a new way to sign in or verify and Use a security key in the next pop-up window.

The next window asked me to set up my security key! Now I was getting somewhere, and it seemed like good things were starting to happen.

After I clicked Next, I was presented with a fork in the road – the passkey route or the hardware token route? I selected Use a different device but it was a teaching moment for me on the subtle differences here.

From here on, it was a straightforward experience.

From a security perspective, I was pleased that it required me to touch the USB token at several points of the setup.

I named my primary and secondary tokens and completed the hardware token setup. Here you can see that the new way to prove who I am has been added. Now, onto removing my password!

I turned on Passwordless account from the menu as my next item on the list.

That took me through some logical prompts.

Could it be that simple? Indeed, it was.

Now I’ll take you back to my account security and what options are available to prove who I am. Passwords are indeed gone, and out of the remaining options, I chose to remove the one-time password (OTP).

Here is where I ran into my first roadblock due to account verification. This is something to consider in your own journey. My security posture has improved, but not entirely as expected.

Lastly, there is the option to add an additional two-step verification to the ways you can prove who you are.

Our Take

The passwordless journey is not as difficult as I originally expected it to be. I found all the prompts followed a logical sequence and I didn’t consider them excessive. From a security perspective, there are several benefits. I no longer need to identify myself on any of my devices – simply plugging in my token identifies me. I just punch in the pin code that I issued my token and I’m in, which is a much nicer experience. Now that I’ve gone through this, I wish I would have done it sooner. No pitfalls or surprises to report; you can leverage Authenticator and a secret key to prove your identity and remove passwords as one of the verifiers. Based on your use cases, this could move the security needle forward for you as it provides phishing-resistant MFA, and it reduces friction for users authenticating themselves.

Want to Know More?

RECENT RELATED RESEARCH All Research
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019
© Info-Tech Research Group | Terms of Use | Privacy Policy