The News: Duo, the authentication service Cisco acquired for $2.35 billion in 2018, today announced its plans to launch a passwordless authentication service that will allow users to log in to their Duo-protected services through security keys or platform biometrics like Apple’s Face ID or Microsoft’s Windows Hello. The infrastructure-agnostic service will go into public preview in the summer. Read the full news story on TechCrunch.
Analyst Take: With security instances up and certainly garnering greater attention, the need to address all of the factors that are creating vulnerabilities is on the rise. Cisco purchased Duo, the Michigan-based cybersecurity company, in 2018 to expand its security capabilities, and this week’s announcement of its Passwordless offering brings Duo back into the spotlight. In short, nobody likes passwords, and efforts to harden passwords often creates behaviors that lead to self-inflicted wounds. Duo Passwordless takes a new approach that is becoming commonplace in our daily interactions with our mobile devices like biometric fingerprint and facial recognition.
Quick Overview of Duo Passwordless by Cisco
First of all, it’s noteworthy that this new security feature is infrastructure agnostic. The Passwordless feature allows users to log into cloud applications with one click using security keys or platform biometrics such as fingerprint or facial recognition built into smartphones and laptops. Both of these modalities for gaining access to cloud applications offer greater protection than typical password entry. Duo Passwordless authentication will be available for public preview this summer and generally available by the end of the year as part of Cisco’s zero-trust platform.
More on How Duo Passwordless Handles Authentication and Where it will be Used
Duo passwordless authentication uses the Web Authentication (WebAuthn) standard, which is based upon asymmetric cryptography. It’s important to recognize that this standard and Duo’s approach enables biometrics to be securely stored on and validated locally by the device. Duo has been a pillar behind the Web Authn standard and is a member of the World Wide Web Consortium, where it helped drive WebAuthn’s ratification as an official web standard.
From a use case standpoint, Duo’s first passwordless use case enables access to cloud applications protected by Duo single sign-on (SSO) and third-party SSO and identity providers by leveraging platform biometrics like TouchID, Windows Hello, and Apple FaceID, along with security keys. With the typical enterprise utilizing hundreds of SaaS applications, this enhancement can reduce threat surfaces and make secure access to these applications frictionless.
Before this announcement, Duo had additional security products that users could tap into to add extra security layers. This includes Duo’s secure access services such as device health and behavior monitoring controls. With these additional security layers, Duo users can further reduce risk if a biometric is stolen or ineffective.
Impressions of Duo Passwordless
People hate passwords, and enterprises are experiencing massive app sprawl that continuously adds threat surfaces to organizations. With security being top of mind more than ever, companies need to make apps and data more secure, but ideally without adding complexity or steps that will likely be ignored or underutilized. Duo Passwordless is addressing an interesting need and is hitting the market at an opportune time. I believe there is substantial upside for this line of solutions, which will help one of Cisco’s brightest revenue streams, which has been security.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.