When your organization rolls out 2-factor authentication, it basically means two things for users. The first is that you and your colleagues are working with very important data, and the second is that your username and password are no longer considered sufficient to protect this data. To adhere to this new security requirement, moving forward you will have to add one more step to your login ritual.
You are most likely already familiar with the process from experiences in your personal life — such as how your online banking app prompts you for a 6-digit security code sent to your phone when you want to pay a bill. Similarly, many organizations use security codes as the second authentication factor when you sign into your portal or SSO into a third-party work app. These codes are sometimes called one-time passwords (OTPs) or time-based one-time passwords (TOTPs), simply because they can only be used once, and they usually expire within minutes.
On the bright side, your organization has better security because you obtained this security code through a device that is unique to you: your phone. However, your daily sign-in routine just became less pleasant — now every time you sign in, you have to re-type this code. And this gets old.
Now, SMS-based 2-factor authentication is not the only game in town. If your laptop is relatively new, chances are it came with a fingerprint reader. Right away you can use this fingerprint reader to log in to your Windows laptop (Windows 10 provides Windows Hello) or your MacBook (Apple calls it Touch ID) without having to type in your password. It’s convenient, fast, and secure.
Password-less login to your laptop is awesome. But now—if your organization uses a modern SSO solution—you may be able to use the same fingerprint reader to sign into your corporate apps, either in combination with your password or without. The tech industry calls this capability WebAuthn and it’s a new standard for biometrics-based authentication, developed under the FIDO Alliance. Google, Microsoft, Apple, and Mozilla have all implemented WebAuthn in their newest browsers, paving the way for users to leverage the technology to quickly and securely access resources.
How does it work? It’s like logging into your laptop using Windows Hello or Touch ID. Imagine you want to log into Salesforce. You type in your username and password and then—instead of waiting for an SMS code—the login dialog asks you to touch your fingerprint reader. With a light touch, you are in.
With FIDO2 (WebAuthn) enabled, you can use your finger not only to sign into your computer but also to sign into your apps. How do you find out if your organization plans to provide WebAuthn as the easiest 2-factor authentication method? Ask your help desk. As a side note, you may be able to choose from several MFA options. Your fingerprint may not only be your best choice for secure SSO login, but it may also be the easiest — so, choose wisely.
How to get started
Try WebAuthn in SecureAuth now.
- FIDO2 (WebAuthn) global MFA settings
- Define login workflow and multi-factor methods settings in a policy