Duo, the authentication service Cisco acquired for $2.35 billion in 2018, today announced its plans to launch a passwordless authentication service that will allow users to log in to their Duo-protected services through security keys or platform biometrics like Apple's Face ID or Microsoft's Windows Hello. The infrastructure-agnostic service will go into public preview in the summer.
"Cisco has strived to develop passwordless authentication that meets the needs of a diverse and evolving workforce and allows the broadest set of enterprises to securely progress toward a passwordless future, regardless of their IT stack," said Gee Rittenhouse, SVP and GM of Cisco’s Security Business Group. "It’s not an overstatement to say that passwordless authentication will have the most meaningful global impact on how users access data by making the easiest path the most secure."
If you're using Duo or a similar product today, chances are that you are using both passwords and a second factor to log into your work applications. But users are notoriously bad about their password hygiene -- and to the despair of any IT department, they also keep forgetting them.
In the standard two-factor authentication scheme, the second factor is basically an extra moat around your password. Passwordless is essentially another form of two-factor authentication, but instead of passwords, it relies on cryptographic key pairs, be that with the help of a hardware security key or biometric authentication.
Duo's passwordless service relies on the Web Authentication standard, which ensures that your data is stored locally and not on a centralized server, too.
According to Duo's own data, we have now reached a point where the hardware is ready for passwordless, with 80% of mobile devices now offering support for biometrics.
"Passwordless is a journey requiring incremental changes in users and IT environments alike, not something enterprises can enable overnight," said Wolfgang Goerlich, advisory chief information security officer, Duo security at Cisco. "Duo can help enterprises transition their environments and workforces securely and minimize user friction while simultaneously increasing trust in every authentication."