Moving Beyond Passwords (Finally? Really?)

Will we ever be free of passwords? I once worked at a global tech company where a breathless IT staffer told me that the whole organization would be off of passwords within 18 months. Instead, we would all use PCMCIA cards. That prediction received more than its fair share of eye rolls. At the time, George W. Bush was president. Just saying… They’re still on passwords today.

Indeed, the mere concept of a no-password enterprise has been greeted with a notable degree of opprobrium from the IT establishment. No-password advocates have grown taciturn as the forces of entropy become even more intransigent in the face of change. Being sanguine about dropping passwords has been out of style, but things are starting to change.

John Spencer, Veridium’s Chief Product Officer

The password-less future has long been predicted, but never realized. There are many reasons for this, and we may never be fully rid of passwords. Some password use cases will be with us through the next ice age. It seems, though, at long last, that technology has finally caught up to its potential to remove the password from everyday use.

It’s definitely time to get rid of passwords wherever possible. As Veridium’s Chief Product Officer, John Spencer, explained, password logins increase the risk of data breaches. Passwords can be guessed or, worse, shared. They can be stolen or phished. And users tend to forget them. Companies spend significant amounts of money on helpdesk calls for password resets. Tokens, which usually accompany passwords because passwords are so vulnerable, are also expensive.

Veridium is seeking to solve this dilemma, especially with regard to Citrix instances. The company is now working closely with Citrix to eliminate password logins in Citrix environments. Spencer, who is a former Citrix executive, also shared that Citrix has made an investment in Veridium recently.

The Veridium solution gets rid of passwords for Citrix Sharefile, virtual desktop infrastructure (VDI) and network security offerings. It works primarily by authenticating users with biometrics over their mobile devices. When a user wants to log into a Citrix system, the Veridium solution pushes a notification to the user’s device. When prompted, the user can scan a fingerprint or use facial recognition on the device. The device then signals the Citrix system to let the user in.

They shared a video of the authentication process.

This approach has several advantages over earlier attempts to remove passwords from the login process. For one thing, it decouples the biometric authentication from the target system. Instead of having to install biometric devices in front of every point of access to a Citrix system, Veridium leverages a biometric scanner that virtually everyone already has in his or her pocket.

Veridium / Citrix Logon showing Username only

The process also reduces the risk of hacking by connecting the biometric authentication with the user. Yes, a phone can get stolen. Its biometrics could be hacked, but it’s more likely to be in the possession of its owner (and the owner’s fingers or face).

Biometric auth with Veridium on a mobile device

Veridium also works with VMware solutions, Microsoft servers and a variety of VPNs. Veridium, along with other companies that use mobile-based authentication mechanisms, is showing that the password-less future may be closer than we once thought. If they’re successful, there should be a drop in helpdesk calls for password resets and a drop in expenditure on security tokens.
