Duo Passwordless Public Preview is Here
Passwordless is a sea change in authentication. We’ve spent the last 60 years relying on shared secrets to access digital resources and moving away from that is no small task. However, the transition will be worth the effort. Passwordless authentication provides the rare opportunity to increase our access security drastically while simultaneously improving the user experience — a compelling prospect!
However, as someone researching this new technology, you might be overwhelmed with all of the buzz — asking questions like “How do I even get started?” or “Does everything have to change?!”
We’re excited to announce a public preview for Duo Passwordless using our Duo Single Sign-On solution — with a core focus on making this new technology as easy as possible to adopt in your organization.
We adhered to a few simple principles as we developed the product. It needed to:
work for any user, on any device
integrate with existing infrastructure
and minimize setup time for both admins and end users.
Therefore, we’ve built out our feature set with each of these themes in mind.
To enable any user on any device, we’ve made sure that our passwordless solution supports platform biometrics on Mac, Windows, iOS, and Android. For users that don’t have access to a device with built-in biometrics, we’ve added support for FIDO2 security keys that can verify users. Users can also enroll multiple passwordless authenticators. By offering several passwordless device options, we’re hoping to make it easy for users to get up and running with this new technology.
In order to flexibly fit into existing infrastructure, we’re offering several set-up options. We recommend using Duo SSO. It’s a cloud-delivered SSO solution that includes all of our deep security features. And for customers leveraging an existing SSO solution, we’ve built easy integrations so that you can use our passwordless functionality in those cases as well.
Finally, and this is key to our offering, we’ve made things easy to set up and use. For administrators, configuring passwordless authentication in their Duo environment takes minutes instead of hours. Administrators can also set policy around which applications and user groups should get passwordless as an option, making it simple to phase the roll out of the new authentication method. On the end user side, we’ve made enrollment simple, with intelligent prompts that suggest available passwordless options while providing important information about biometric security and privacy.
For those of you intrigued by passwordless authentication, and who’d like to learn more before diving in, our Administrator’s Guide to Passwordless provides an incredibly in-depth look at this new technology. Start there, and come back!
Why Did We Start With SSO?
When thinking about how to implement passwordless technology, you really have two problems to grapple with. The first is an integration problem — how do I insert passwordless technology into my user flows? The second is an authentication problem — what technology do I use to verify identities without relying on a password?
Both of these are hard problems! The integration problem however, aligns with an overall push towards consolidating application access to single sign-on technologies that has been years in the making. When you evaluate authentication use cases in your environment, there’s a decision to be made. You can integrate a passwordless solution directly into older applications or you can upgrade that application to support SAML.
For Duo, most customers we spoke with are already embarking on projects to move away from legacy authentication types for a variety of reasons. Passwordless is simply another incentive to move that RADIUS-based VPN to SAML. Our goal is to help you go passwordless with the broadest amount of use cases possible and starting with SSO first lets you do that!
We definitely recognize there are some legacy use cases that aren’t going away anytime soon (like that vendor-owned software that hasn’t updated in 10 years that’s definitely not adding SAML support anytime soon). Thankfully, Duo can already help you provide MFA for all sorts of integrations, and we plan to help you support these with passwordless authentication in the long-run as we continue to evolve the product.
We’re pretty excited about the future of biometrics for authentication. In user research we’ve conducted, we’ve found users are pretty excited too! It’s common for end users to be well acclimated to biometrics from consumer use cases and in research we’ve done, more than 70% of users tell us they’re interested in using biometrics in the workplace as well.
We’ve also heard from customers however, that there are plenty of use cases where you might not be ready for biometrics yet. Older hardware, regulatory compliance, or simple end user preference means having a variety of authentication options is critical. As such, we’re working hard to enable Duo Mobile as a passwordless authenticator as a next step before we make the product generally available.
How Do I Sign Up?
Passwordless authentication is rolling out as an early-access preview to customers over the next week; the feature will be available in MFA, Access, and Beyond editions. It will show up in your Duo Admin Panel under Single Sign-On > Passwordless. Note, however, there are some restrictions on the public preview. Initially, Duo Passwordless will roll out to customers on our U.S. and Ireland deployments. If outside of those regions, Duo Passwordless will deploy on a rolling basis as we approach General Availability.
To get started with passwordless authentication in your environment, check out our passwordless documentation.
We’re excited to be a part of this authentication revolution and help folks on their journey to a passwordless future. Please reach out to firstname.lastname@example.org with questions, comments, and feedback.
Learn More About Duo’s Passwordless Solution
Try Duo For Free
With our free 30-day trial, see how easy it is to get started with Duo and secure your workforce from anywhere, on any device.