{"id":89633,"date":"2019-07-11T15:00:16","date_gmt":"2019-07-11T22:00:16","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89633"},"modified":"2023-05-15T23:07:57","modified_gmt":"2023-05-16T06:07:57","slug":"preparing-your-enterprise-to-eliminate-passwords","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/07\/11\/preparing-your-enterprise-to-eliminate-passwords\/","title":{"rendered":"Preparing your enterprise to eliminate passwords"},"content":{"rendered":"

Anyone who uses the internet knows the hassles of using a user name and password to access their own information, whether it’s their banking, online shopping, social media, medical information, etc. If you’re a CIO, a CISO, or any other exec at a company who is thinking about digital security, the user name/password paradigm is more than a hassle, it’s a true security challenge, which keeps many of us up at night.

I can tell you that deploying a companywide strategy for eliminating passwords isn’t easy, but it’s also probably not as hard as you think, either. When I told our senior leaders that we’d be eliminating passwords in about 24 months, they applauded. When I said getting there would temporarily disrupt support for select line of business apps and devices, they had questions. What I share with you today is based on what we’ve learned in this process.

I’ve been talking about eliminating passwords for a while now, aligning to our principles for identity strategy, and the most common response I get from my peers is: “Great, how can I do it at my company?” Today, I’m outlining the basic steps necessary to eliminate passwords, with the acknowledgement that we’re still on the journey. I believe we’ve mapped out the right path, but we aren’t finished yet.

The first step is to segment the user population in your network. You’ll have to bifurcate your users into two groups: 1) those users in a compliance boundary (for example, people who handle credit card/payment information); and 2) everyone else. This segmentation is necessary because there are compliance requirements in some industries that essentially require using user names and passwords. Until the regulations catch up with the technology, the people in this segment will be forced to continue using passwords. The good news is that the rest of your user population is probably quite sizable and can move forward on the journey towards eliminating passwords.

Once the user population is segmented, the remaining steps can be pursued, and they don’t have to be done sequentially. If you follow these steps, you’ll have a vastly superior user experience for your employees and a more secure network while you’re on the path to ending passwords in your own environment: