Identity is a very important part of accessing data, services and applications. An identity has long been not just a username and password, but must include an additional security layer to protect data and access to ensure data integrity.
We invite you to attend a seminar focusing on identity.
NB! Two-step authentication and its importance!
Let's look at the ways of passwordless authentication for both cloud and hybrid identities from a practical side:
• Microsoft authenticator
• FIDO2 keys - Yubico YubiKey
• Windows Hello for Business
• How to give the user a temporary temporary password to set up passwordless authentication
In addition, let's take a look at Microsoft Azure SMS authentication.
The seminar is conducted by:
Priit Timpson - Cloud Services Architect
Priit has been active in the field of information technology for more than 20 years, of which he has been working with Microsoft cloud services for the last 12 years, and the main focus for the last 5 years has been security.
All of our webinars are free, and you can feel free to share the invitation if you know anyone who might be interested in these topics.
Microsoft Authenticator
Microsoft Authenticator helps you sign in to your accounts using 2-way verification. Two-factor verification helps keep your accounts more secure, as passwords can be forgotten, stolen, or compromised.
Microsoft Authenticator also supports the industry standard for time-based one-time access codes (or TOTP or OTP). Therefore, you can add any online account to the Microsoft Authenticator application that also supports this standard. This will keep your other online accounts secure.
There are several ways to use Microsoft Authenticator:
- Submit another verification method after signing in with your username and password.
- Sign in without asking for a password using your username and fingerprint, face recognition, or PIN on your mobile device.
Windows Hello for Business
Windows Hello for Business replaces passwords on devices with strong two-factor authentication. This authentication consists of a new type of user credential that is associated with the device and uses a biometric or PIN code.
Windows Hello provides reliable, fully integrated biometric authentication based on facial recognition or fingerprint matching. Windows Hello uses a combination of special infrared (IR) cameras and software to increase accuracy and protect against counterfeiting. Major hardware vendors supply devices with integrated Windows Hello-compatible cameras. Fingerprint reader hardware can be used or added to devices that do not currently have it.
Windows stores biometric data that is used to securely deploy Windows Hello to a local device only. Biometric data is not roaming and is never sent to external devices or servers. Because Windows Hello only stores biometric credentials on your device, there is no collection point where an attacker could steal your biometric credentials.
Windows Hello resolves the following password issues:
- Strong passwords can be difficult to remember, and users often use passwords on multiple sites.
- Server breaches can reveal symmetric network credentials (passwords)
- Passwords are subject to repeated attacks.
- Users may accidentally reveal their passwords due to phishing attacks.
Windows Hello allows users to authenticate:
- Microsoft account
- Active Directory account
- Microsoft Azure Active Directory (Azure AD) account
- Identity Provider Services or Dependent Party Services that support
- Fast ID Online (FIDO) v2.0 authentication.
After the user's initial two-step verification at registration, the user sets up Windows on Hello, and Windows prompts the user to specify a gesture, which can be biometric, such as a fingerprint or PIN. The user makes a gesture to confirm their identity. Windows Hello then authenticates the user.
Fido2 Keys - Yubico YubiKey
YubiKey. Technology that has been proven to stop large-scale takeovers.
It is used by more than 5,000 companies and 15+ million users in more than 160 countries.
YubiKey 5th series
The YubiKey 5 Series eliminates account takeovers by providing strong phishing protection, using multi-protocol capabilities that can protect legacy and modern systems. The series offers a variety of authentication options, including strong two-factor, multi-factor, and password-free authentication.
YubiKey Bio series
The YubiKey Bio Series supports biometric authentication using fingerprint authentication for secure and seamless passwordless login. Designed primarily for desktop computers, the YubiKey Bio series offers strong biometric authentication capabilities and hardware security with a new user experience.
Security Key series
The Yubico security key series consists of two keys, Security Key NFC and Security Key C NFC, which combine hardware-based authentication, public key cryptography, and U2F and FIDO2 / WebAuthn protocols to prevent account overruns.
If you have any questions, please contact us!