1. Effective protection against phishing and password lists
Phishing aims to trick the victim into giving away sensitive information, most often the combination of username and password. Alternatively, the attacker can use password lists from previously compromised services, which are for sale at a low cost, and bet that the employee uses the same password on multiple services.
These forms of attack are basically beyond the control of the IT administration. The first line of defense against phishing is the competence, awareness and vigilance of all employees. Nevertheless, someone regularly falls for it.
Replace passwords with a stronger authentication factor
Attacks based on password lists work because many people reuse their passwords, thus exposing the company's otherwise secure services. There are simply too many opportunities for passwords to go astray. If passwords are replaced with a stronger authentication factor, for instance the employee's mobile phone, it will be an effective safeguard against the most common forms of attack.
2. More user-friendly MFA solution
To remedy the inherent insecurity of the password, it is common to compensate with multifactor authentication (MFA). In this way, authentication no longer relies solely on what the user knows (the password). It also requires something the user has, such as a mobile phone. Even stronger security is achieved by adding a third factor: something the user is, that is, a biometric factor such as a fingerprint, face or eye.
The challenge is that MFA tends to affect usability. The employee goes from entering only the username and password to also having to log in with a one-time code or verify with a fingerprint. This is impractical, and especially annoying on a mobile device, where a typo means going through the process again. In order not to burden the employees more than necessary, IT therefore balances the security needs against the organization's willingness to take risks.
Replace passwords with a more user-friendly authentication factor
If the employee logs in with something he or she has, such as a mobile phone, instead of a password, it will be a far more secure solution than relying on an insecure password. If multifactor authentication is also needed, verification with something else the employee has or is should be added. Whatever the alternative, it will be far more secure and user-friendly without a password.
3. Seamless user experience
Secure authentication can require as little as a fingerprint on your mobile phone. Never again forgotten or misspelled passwords. Simply a brilliant and seamless user experience.
The solution combines something the user has (access to the mobile phone) and something the user is (the fingerprint). It is thus a much stronger two-factor authentication than one that is based on passwords, and it requires only one action from the user. The sequence and choice of authentication factors are adapted to the company's needs. For external users, it will be possible to send a one-time code as an SMS, or a "magic link" to the user's e-mail.