Last Updated | 22 November 2021 |
Document Id | tch-research-how-to-kill-the-password |
Author | simonm@thecyberhut.com |
Part of Research Product | How to Kill The Password – Buyer’s Guide to Passwordless Authentication |
Planning Recommendations – Existing Modals
Create an inventory of existing authentication sources – especially MFA. This matrix should contain – auth type, no. of users enrolled, no. of active users, age of deployment, cost per user and a quantitative measure of security and usability. Look for areas to consolidate, invest, augment or replace. Add into the matrix both the onboarding and post-authentication integration points. Do the authentication types require identity proofing? What downstream systems are leveraging the authentication status? What integration requirements exist?
- Use this matrix to help prioritise the immediate and targeted need for passwordless technologies.
Planning Recommendations – Device & Users
Create an inventory of user personas and device types per authentication source. This can help understand the user population with regards to adoption and usage patterns. This process will vary slightly depending on whether a consumer or workforce project is being conducted. Analyse age, sex, geographic location as well as device type characteristics. Overlay high-level makes, models, operating systems and versions, depending on the level of information that is available.
- An understanding of the anticipated user and device demographics can help to streamline incentives, “nudges” and psychological acceptability during rollout.
Planning Recommendations – Try Before You Buy
Leverage any ability to try the product before purchase. This includes proofs of concept, pilots, cloud trials and sandboxes, where technology can be tested against real-world scenarios and systems. Perform app downloads and map out the flows against the authentication credential lifecycle – but do this against actual target systems. During this process, identify and list integration requirements. Test out developer documentation and APIs, and make sure you understand and feel comfortable with the vendor’s support processes.
- Use this process as a culture-match test between your organisation and the supplier.
Planning Recommendations – Case Studies
Analyse all existing vendor case studies that are available. Seek publicly available case studies as they are typically associated with the most mature and satisfied customers. If the client is happy to speak at conferences regarding technology use, that is a decent indication of project success. However, some providers do not disclose all named customer case studies due to confidentiality, compliance and sensitivity. Ask for private introductions to understand the project, success factors and implementation details. If possible, be in a position to speak to existing customers without the vendor present.
- Seek to compare the initial deployment speed and happiness with the long-tail completion time.
Planning Recommendations – Roadmaps
Identify and catalogue authentication-related requirements across as many business areas, applications and projects as possible. Try to understand the requirements these projects will generate over a 1 – 2 year period and map them onto existing and future vendor capabilities.
Ask the vendor for their immediate and long-term strategic roadmap to understand capability benefits but also integration and support changes.
Try to be aware of changes from an external perspective that may alter existing requirements and service demands – this could come in the form of standards and compliance changes, or via any market acquisition or business direction changes.
- Seek to understand the differences between future requirements and capabilities in order to more effectively reduce risk and technology gaps.