A passwordless enterprise journey
- 2. Copyright © 2022 Accenture. All rights reserved
From good to great
Despite the pace of technological change, the use of passwords has remained the same since the earliest days of computing. And yet there is strong evidence that passwords not only present a significant security risk, but also create a financial burden.
Today, there are more than 300 billion passwords being used by humans and machines worldwide, with 83% of data breaches attributed to password compromises. Along with this volume and scale, the administrative costs of password maintenance are unsurprisingly high—averaging around US$1M in annual costs per business. Costs include staff and infrastructure management, as well as password resets. Globally, these costs contribute to an estimated US$6T in annual cybercrime damage.
While authentication technologies, such as traditional multi-factor authentication (MFA), add layers of security and usability to the authentication process, they are not as sophisticated as passwordless technologies, such as Windows Hello for Business, Microsoft Authenticator App or FIDO2 tokens.
Passwordless technology alters the fundamental security model by moving the verification onto the device rather than passing credentials through an online connection. Aside from enabling organizations to operate in a more robust and resilient manner, the passwordless journey offers an enhanced user experience—reducing the need for passwords and easing access.
Over the past decade, Accenture has been undertaking a multi-phased passwordless journey. We aim to remove our dependency on passwords from all applications and identity platforms, as well as enable our people to experience a passwordless process that evolves from good to great.
“Eliminating passwords from the user experience involves technical and cultural change. In the future, people will look back and wonder why we ever used passwords.”
SIMON GOOCH, Managing Director – Global IT, Enterprise Technology, Security, Accenture
Call for change
Solutions that serve
When tech meets human ingenuity
Accenture introduced a single sign-on process as early as 2001. But passwords are susceptible to phishing and other remote attacks. Also, the Accenture policy of requiring password renewal every 75 days often meant a poor user experience for our people—there is growing evidence that password rotations are already obsolete and should be reconsidered. A decade on, we moved to MFA, which has been part of our security protocols since inception.
In 2019, we began our passwordless journey with our longstanding ecosystem partner, Microsoft. Microsoft is a forerunner in passwordless authentication. The partnership meant we were well-positioned to not only accelerate our journey, but also to embrace a game-changing shift in our security model.
Passwordless solutions fundamentally change the security model by localizing authentication at the device level, which prevents remote attacks. Hackers must have access to both the passwordless unlock method (such as PIN or biometrics) and the physical device to gain access to the company’s resources.
To move toward a passwordless environment, we reevaluated the identity platform for our devices and applications
in our existing environment. Our strategy was based on moving our apps to Azure Active Directory (Azure AD) as
part of the Accenture cloud-first, cloud-only vision. We then chose passwordless authentication solutions that met
our device and application needs which include:
Windows Hello for Business (HfB): Windows Hello for Business replaces passwords with strong two-factor authentication on devices. Since HfB is supported by all Windows workstations deployed by Accenture, any user of these devices can enroll in the program and start authenticating to their device and applications with a PIN or biometrics.
Passwordless sign-in with the Microsoft Authenticator app: This solution enables Accenture employees to use their phones to complete two-factor authentication, without the need for dedicated physical devices. Simply by completing a number match, a user can authenticate to any application on multiple devices.
FIDO2 token: A FIDO2 token is a separate physical device that typically resembles a familiar USB thumb drive. The tokens can be used to complete device and application sign-in on any Accenture workstation.
Temporary Access Passcode (TAP): Without passwords, it can be difficult to initially enroll a user in any of the above solutions. Temporary Access Passcodes enable Accenture to securely overcome this complexity. A time-limited passcode is given to a verified user to enable them to register passwordless methods and recover access to their account without the need for a password.
Discovering all applications and audiences being used within an organization is challenging, especially without a directory to serve as a “source of truth.” We decided to move to Azure AD and use Azure’s passwordless options to find all apps and begin phasing out the use of passwords. For apps without passwordless options or the ability to move to Azure AD, we considered alternatives to adapt them, implemented technology to transform them or took the decision to decommission the app.
A cultural shift
As with any change program, it’s important to not only enable adoption throughout the whole organization,
but also engage the hearts and minds of our individual users. But to play their part, users needed to
understand what was being asked of them. This involved:
A partnership with the provider using the latest tools, such as the Microsoft Authenticator app’s “Nudge” functionality, and leading practices, such as sentiment tracking.
A targeted communications approach that customized messages by type, role and situation and identified the actions required. We also took a regional approach to stakeholder engagement, asking local leaders for support in promoting the change, helping the global effort to feel more personal.
A map of the full journey was created from our foundational steps of simply identifying passwordless options, all the way to our end goal of working in a completely passwordless environment. We used an easy-to-understand infographic from our digital experience team in sharing this journey.
A keen focus on specific stakeholders included embedding the new process and tools in the onboarding process for new joiners and offering a “white glove” approach to our senior leaders.
Above all, we made it clear that password and passwordless actions are likely to co-exist for a period of time. And we encouraged a change of mindset—in short, we stressed the idea that passwordless means safer and easier business operations.
Passwordless realization
A valuable difference
Today, we’ve reached a stage in our multi-phase passwordless journey where we have removed the requirement for password authentication from the user experience. With 710,000 employees provisioned, managed and maintained, it’s in our best interests to make security and identity management as simple—and automated—as possible.
We’ve proven the benefits. The adoption of passwordless has led to faster login times, a more reliable experience, fewer failed authentications and an improved overall security posture.
Going forward, we expect to accelerate the login experience further and reduce IT support costs related to all password maintenance activities. By demonstrating the success of our global deployment of passwordless security, Accenture aims to be one of the first large-scale enterprises operating a pure passwordless model.
Today, eliminating passwords from all user authentications remains a goal—in part
because the technology is still being developed to make it a reality. However, we have
made excellent progress and learned along the way:
Communication counts: Communicating with users throughout the journey is critical to success. Focus on user benefits, value across the organization and highlight the differences in operating in a passwordless model.
Compatibility takes time: Verifying application compatibility can be time-intensive. Planning is required to ensure all applications and Accenture devices support passwordless solutions.
Finding applications is challenging: A rigorous effort is required to identify all applications that continue to use a password prompt. This is especially challenging with the vast number of applications in the Accenture environment.
It helps to develop a strategy for “outliers”: Not all legacy solutions will be compatible with passwordless; it is critical to identify outlying use cases and develop clear remediation paths.
Be multi-device compatible: Users often log into the same application on different devices (for example, a laptop versus mobile device). Adopt passwordless solutions that are compatible with multiple devices for a smoother transition.
535K: Users enabled for Windows Hello for Business
208K: Registered employees using the Microsoft Authenticator App for passwordless sign-in
25.4M: Azure AD authentications per day
70%: Of Windows device sign-ins occur with a passwordless method
16.5K: Active passwordless applications
- 8. Meet the team
Merim Becirovic, Managing Director, Global IT, Enterprise Technology
Simon Gooch, Managing Director – Global IT, Enterprise Technology, Security
Xander Cinjee, Director – Global IT, Security & Identity
Joe Kaplan, Director – Global IT, Security & Identity
Amanda Clevey Brown, Senior Manager – Global IT, Technology Vision & Strategy
Jason Pucker, Director – Global IT, Corporate Technology, Journey & Change Management
Lisa Wang, Senior Manager – Global IT, Journey & Change Management
Related capabilities
How Accenture does IT
Our global IT organization is driving technology-powered business transformation across Accenture.
https://www.accenture.com/us-en/services/about/enabling-it