SSH passwordless: How It Works And What Are the Advantages
Authentication solutions based on passwordless SSH technology are set to become increasingly widespread in the medium term: Gartner has predicted that by 2022 at least 60% of international organizations will use this protection method for at least 50% of the situations that require a login. The percentage grows from 50% to 90% when medium or small companies are considered.
These are significant percentages, especially considering that in 2018 passwordless SSH solutions had an estimated adoption rate in organizations of 5%. The advantages for users are indisputable: there is no longer any need to memorize a password, and the password can no longer be forgotten or stolen.
Benefits not only for users but also for organizations
These advantages also benefit organizations: IT technicians need to intervene less often to resolve problems with lost passwords. In addition, because the same password is often used for various services, a stolen password (for example, through a phishing attack) exposes organizations to potential risks as well; a passwordless SSH solution also protects against these malicious actions. Finally, passwordless SSH-based solutions generally offer a higher level of security because they can integrate with biometric technologies or hardware platforms dedicated to encryption.
In addition to these advantages, a further positive aspect of adopting passwordless SSH solutions is the possibility of using a second hardware device for authentication. This device can be used to generate an OTP code or to respond to a notification message that completes the authentication. The details depend on how the passwordless SSH solution has been implemented.
What are the software tools needed to implement passwordless SSH?
So far we have described the application scenario in which passwordless SSH solutions fit, focusing on the user’s experience and on the advantages for organizations in terms of security and saved resources. These solutions are made possible by specific technologies that must be implemented in the organization’s IT infrastructure. More precisely, they rely on the FIDO2 (Fast IDentity Online) standard and on UAF, the Universal Authentication Framework.
All these advantages for organizations and for end users are accessible through specific technological choices, namely the Fast IDentity Online (FIDO) Universal Authentication Framework (UAF). For organizations, an exciting solution is the adoption of Microsoft Azure which, with Active Directory, allows these technologies to be implemented.
Microsoft Azure Active Directory is a cloud service that allows great flexibility in identity management. For example, it offers support for a multitude of SaaS applications, which can then be accessed securely in Single Sign-On mode, with other multi-factor authentication options, or with passwordless SSH.
With this Microsoft service, organizations can manage individual user access to specific resources, whether in the cloud, on-premises or available as apps on mobile devices. Furthermore, Microsoft Azure Active Directory provides advanced tools to guarantee and control access: for example, for each authentication request it is possible to verify the device from which the login is requested, its location, and any other elements that may raise suspicion. Microsoft also uses real-time machine learning technologies in this process.
Microsoft Azure Active Directory aims to offer organizations a complete and integrated solution to the problem of user authentication, guaranteeing safety and security without hindering productivity with complex, convoluted access procedures.