Top tasks IT professionals are spending more time on

LogMeIn released a report that reveals the current state of IT in the new era of remote work. The report quantifies the impact of COVID-19 on IT roles and priorities for small to medium-sized businesses.

top tasks IT professionals

The study reveals the massive shift in the day-to-day work of IT professionals, and the broader impact of the transition to remote work for the majority of businesses.

The report uncovers how the budgets, priorities, and functions of IT teams at small and medium-sized businesses continue to be shaped by ongoing global upheaval and uncertainty and provides insights into how IT professionals are adapting their roles and teams to these challenges.

Virtual tasks and security concerns demand more IT time

With the onset of COVID-19, the types of tasks that filled a typical IT team member’s day changed significantly. The research found that 67 percent of respondents said they spend more time on virtual tasks like team web meetings, remotely accessing employee devices (66 percent) and customer web meetings (52 percent).

Security also gained increased focus, with 54 percent spending more time managing IT security threats and 54 percent developing new security protocols. 47 percent of IT professionals are spending 5 to 8 hours per day on IT security, compared to 35% in 2019.

The increased complexities of BYOD and BYOA (Bring-Your-Own-Devices and Access) work environments combined with advancements in cyberattacks have increasingly monopolized the focus of IT professionals.

IT is most worried about a breach

The top IT security concerns continue to be data breaches (cloud, internal, and external), malware, employee behavior, and ransomware. With cloud technology and adoption skyrocketing over the years, fear of a cloud data security breach has increased significantly just in the past two years, with 40% of IT professionals expressing concern in 2018 and 53% citing it as a top security concern in 2020.

Another higher priority concern in 2020 compared to previous years is ‘Rapidly evolving business technology practices’ with 29 percent of IT professionals stating it’s a top security concern in 2020, compared to only 20 percent in 2019.

Lack of budget is the greatest barrier to keeping up with trends in IT

35 percent of IT professionals agree that a lack of budget is the biggest challenge their company is facing in trying to keep up with IT trends. IT training, lack of IT staff, lack of control over a remote workforce, and IT staff resistance to change are all seen as the most common reasons IT teams are struggling to adapt to changes in their field.

With limited budget, IT teams must implement solutions that enable them to do more with less and prioritize implementing tools with security, automation, and monitoring functionality.

Software facilitating remote collaboration and management proved most valuable to IT

Given that it was no longer possible to stop by an employee’s desk to address any issues, 38 percent of IT teams prioritized remote access software first during the COVID-19 pandemic.

With employees working from home, having a way to collaborate with colleagues became mission-critical, so it’s not surprising that one third of IT respondents prioritized meeting and communications software.

“Despite the impact many teams experienced from COVID-19 – from budget, to resource allocation, to project priorities – many teams are now more prepared,” said Ian Pitt, CIO at LogMeIn.

“This data shows that the pandemic has led to improved training for IT and employees, ensuring all employees have the appropriate hardware and software, and even installed multifactor authentication for improved security.”

Is passwordless authentication actually the future?

While passwords may not be going away completely, 92 percent of respondents believe passwordless authentication is the future of their organization, according to a LastPass survey.

passwordless authentication

Passwordless authentication reduces password related risks by enabling users to login to devices and applications without the need to type in a password.

Technologies such as biometric authentication, single-sign-on (SSO) and federated identity streamline the user experience for employees within an organization, while still maintaining a high level of security and complete control for IT and security teams.

Organizations still have a password problem

Problems with passwords are still an ongoing struggle for organizations. The amount of time that IT teams spend managing users’ password and login information has increased year over year.

In fact, those surveyed suggest that weekly time spent managing users’ passwords has increased 25 percent since 2019. Given this, 85 percent of IT and security professionals agree that their organization should look to reduce the number of passwords that individuals use on a daily basis.

Additionally, 95 percent respondents surveyed say there are risks to using passwords which could contribute to threats in their organization, notably human behaviors like password reuse or password weakness.

Security priorities are at odds with user experience

When it comes to managing an organization, security is a core challenge for IT teams. However, it is the lack of convenience and ease of use that employees care about. Security is the main source of frustration for the IT department, particularly when issues are often derived from user behavior when managing passwords.

The top three frustrations for IT teams include users using the same password across applications (54 percent), users forgetting passwords (49 percent) and time spent on password management (45 percent).

For employees, the issues lie in convenience. Their top three frustrations are changing passwords regularly (56 percent), remembering multiple passwords (54 percent) and typing long, complex passwords (49 percent).

Primary benefits of passwordless authentication

Better security (69 percent) and eliminating password related risk (58 percent) are believed by respondents to be the top benefits of deploying a passwordless authentication model for their organization’s IT infrastructure. Time (54 percent) and cost (48 percent) savings are also noted benefits of going passwordless.

Meanwhile, for employees a passwordless authentication model would help to address efficiency concerns. 53 percent of respondents report that passwordless authentication offers the potential to provide convenient access from anywhere, which is key given the shift towards remote work that is likely here to stay.

Top challenges of passwordless deployment

While going passwordless can provide a more secure authentication method, there are challenges in the deployment of a passwordless model.

Respondents report the initial financial investment required to migrate to such solutions (43 percent), the regulations around the storage of the data required (41 percent) and the initial time required to migrate to new types of methods (40 percent) as the biggest challenges for their organization to overcome.

There are also some concerns around resistance to change. Three quarters of IT and security professionals (72 percent) think that end users in their organization would prefer to continue using passwords, as it is what they are used to.

passwordless authentication

Passwords are not going away completely

When it comes to identity and access management, 85 percent do not think passwords are going away completely. Yet, 92 percent of respondents believe that delivering a passwordless experience for end-users is the future for their organization.

There is a clear need to find a solution that combines passwordless authentication and password management in today’s organizations.

“As many organizations transition to a long-term remote work culture, giving your employees the tools and resources to be secure online in their personal lives as well as in the home office is more important now than ever,” said Gerald Beuchelt, CISO at LogMeIn.

“This report shows the continued challenge that organizations face with password security and the need for a passwordless authentication solution to enable both IT teams and employees to operate more efficiently and securely in this changing environment.”

How can the C-suite support CISOs in improving cybersecurity?

Among the individuals charged with protecting and improving a company’s cybersecurity, the CISO is typically seen as the executive for the job. That said, the shift to widespread remote work has made a compelling case for the need to bring security within the remit of other departments.

improving cybersecurity

The pandemic has torn down physical office barriers, opening businesses up to countless vulnerabilities as the number of attack vectors increased. The reality is that every employee is a potential vulnerability and, with the security habits of workers remaining questionable even amid a rising number of data breaches, it’s never been more important to foster a culture of security throughout an organization.

Improving security with culture

We continue to see different data breaches in the news, with hundreds of millions of users on Instagram, TikTok and YouTube having their accounts compromised in the latest breach. These instances, and countless others, are a testament to the critical importance of strong security behaviors – both at work and home – and the training and attentiveness they require.

The shared responsibility in security is closely tied to how employees at all levels perceive the importance of security. If this is ingrained within the culture, they will have the abilities and tools to protect themselves. This is, of course, easier said than done.

Creating and maintaining a security culture is a never ending and constantly evolving mission and influencing people’s behavior is often the most challenging part of the effort. People have become numb to the security threats they face, and although they understand the potential risks, they don’t do anything about it. For example, recent research revealed that 92 percent of UK workers know that using the same password over and over is risky, but 64 percent of the respondents do it anyway. So, how do we get through that dissonance and get people engaged in security?

Encouraging cyber-secure practices from the top

As security continues to grow in importance, organizations absolutely need an executive at the top to vocally and adamantly advocate for security.

CISOs typically lead this charge. They are often tasked with leading a security team and a program responsible for protecting all information assets, as well as ensuring disaster recovery, business continuity and incident response plans are in place and regularly tested. In addition, CISOs and their teams are usually responsible for evaluating new technologies, staying updated on compliance regulations, overseeing identity and access management, communicating risks and security strategies to the C-suite and providing trainings.

Today, CISOs are also focused on protecting a highly distributed workforce and customers – in offices, at home or a mix of both – and meeting the new security challenges and threats that come along with this hybrid environment. That’s why it’s more important than ever for other C-suite executives to help promote and drive the organization’s security culture – especially through communications, training and enforcement of best practices.

While CISOs continue to spearhead the development of the organization’s security program and define the security mission and culture, other C-suite executives can vocally support these programs to ensure their integrity throughout the whole process, from vision and development to implementation and ongoing enforcement. The participation of the C-suite can also help CISOs focus on the most important security issues and adjust the program to ensure it is aligned with broader business plans and strategies, thereby helping to get broader support without compromising security.

One likely companion for this type of cross-department alignment is the Chief Operating Officer (COO). As this role typically reports directly to the CEO and is considered to be second in the chain of command, the COO will be able to provide the authority needed to advocate for security and how it can impact employees, customers, products and ultimately the business. This means a good COO today needs to encourage a business culture that supports security efforts thoroughly, while also ensuring security is prioritized at a tactical level.

However, the COO is not the only one that needs to serve as a security advocate. All C-level executives have a critical role to play in establishing a strong security culture. Because of their connections to different stakeholders, they will be able to share diverse insights.

For example, the COO can better incorporate input from the board, which is vital to ensuring the CISO understands the company’s risk tolerance which will directly impact innovation and revenue. The Chief Financial Officer (CFO) could share insights into the spending priorities and various obligations needed to protect financial systems and the Chief Human Resources Manager (CHRM) could get valuable data from employees. The CHRM is instrumental when driving the development of the security culture; their level of engagement often determines the overall success of developing a successful security-conscious culture.

Security-conscious C-suite executives will be able to step in to support the CISO’s mission that security needs to be a top priority.

Think security-first

Having model behavior fed from the very top will help to underline an organization’s collective commitment to cybersecurity. In doing so, employees are empowered by a sense of shared responsibility around their role in keeping a company’s corporate data secure. To this end, it’s crucial that the C-suite of modern companies are trailblazers of security, particularly in the current landscape.

The techniques employed by cybercriminals are becoming more and more sophisticated, and the risk of data breaches and stolen information being offered for sale on the dark web has never been higher. As the pandemic continues to influence developments in information security, senior leadership, middle management and junior staff members must all work together towards a collective aim of securing their workplace.

Fostering a culture of security awareness is by no means an easy feat, but the long-term gains outweigh any teething issues and will serve to make businesses watertight in the midst of a growing threat landscape.

How do I select a password management solution for my business?

91 percent of people know that using the same password on multiple accounts is a security risk, yet 66 percent continue to use the same password anyway. IT security practitioners are aware of good habits when it comes to strong authentication and password management, yet often fail to implement them due to poor usability or inconvenience.

To select a suitable password management solution for your business, you need to think about a variety of factors. We’ve talked to several cybersecurity professionals to get their insight on the topic.

Simran Anand, Head of B2B Growth, Dashlane

select password managementAn organization’s security chain is only as strong as its weakest link – so selecting a password manager should be a top priority among IT leaders. While most look to the obvious: security (high grade encryption, 2FA, etc.), support, and price, it’s critical to also consider the end-user experience. Why? Because user adoption remains by far IT’s biggest challenge. Only 17 percent of IT leaders incorporate the end-UX when evaluating password management tools.

It’s not surprising, then, that those who have deployed a password manager in their company report only 23 percent adoption by employees. The end-UX has to be a priority for IT leaders who aim to guarantee secure processes for their companies.

Password management is too important a link in the security chain to be compromised by a lack of adoption (and simply telling employees to follow good password practices isn’t enough to ensure it actually happens). For organizations to leverage the benefits of next-generation password security, they need to ensure their password management solution is easy to use – and subsequently adopted by all employees.

Gerald Beuchelt, CISO, LogMeIn

select password managementAs the world continues to navigate a long-term future of remote work, cybercriminals will continue to target users with poor security behaviors, given the increased time spent online due to COVID-19. Although organizations and people understand that passwords play a huge role in one’s overall security, many continue to neglect best password practices. For this reason, businesses should implement a password management solution.

It is essential to look for a password management solution that:

  • Monitors poor password hygiene and provides visibility to the improvements that could be made to encourage better password management.
  • Standardizes and enforces policies across the organization to support proper password protection.
  • Provides a secure password management portal for employees to access all account passwords conveniently.
  • Reports IT insights to provide a detailed security report of potential threats.
  • Equips IT to audit the access controls users have with the ability to change permissions and encourage the use of new passwords.
  • Integrates with previous and existing infrastructure to automate and accelerate workflows.
  • Oversees when users share accounts to maintain a sense of security and accountability.

Using a password management solution that is effective is crucial to protecting business information. Finding the right solution will not only help to improve employee password behaviors but also increase your organization’s overall online security.

Michael Crandell, CEO, Bitwarden

select password managementEmployees, like many others, face the daily challenge of remembering passwords to securely work online. A password manager simplifies generating, storing, and sharing unique and complex passwords – a must-have for security.

There are a number of reputable password managers out there. Businesses should prioritize those that work cross-platform and offer affordable plans. They should consider if the solution can be deployed in the cloud or on-premises. A self-hosting option is often preferred by some organizations for security and internal compliance reasons.

Password managers need to be easy-to-use for every level of user – from beginner to advanced. Any employee should be able to get up and running in minutes on the devices they use.

As of late, many businesses have shifted to a remote work model, which has highlighted the importance of online collaboration and the need to share work resources online. With this in mind, businesses should prioritize options that provide a secure way to share passwords across teams. Doing so keeps everyone’s access secure even when they’re spread out across many locations.

Finally, look for password managers built around an open source approach. Being open source means the source code can be vetted by experienced developers and security researchers who can identify potential security issues, and even contribute to resolving them.

Matt Davey, COO, 1Password

select password management65% of people reuse passwords for some or all of their accounts. Often, this is because they don’t have the right tools to easily create and use strong passwords, which is why you need a password manager.

Opt for a password manager that gives you oversight over the things that matter most to your business: from who’s signed in from where, who last accessed certain items, or which email addresses on your domain have been included in a breach.

To keep the admin burden low, look for a password manager that allows you to manage access by groups, delegate admin powers, and manage users at scale. Depending on the structure of your business, it can be useful to grant access to information by project, location, or team.

You’ll also want to think about how a password manager will fit with your existing IAM/security stack. Some password managers integrate with identity providers, streamlining provisioning and administration.

Above all, if you want your employees to adopt your password manager of choice, make sure it’s easy to use: a password manager will only keep you secure if your employees actually use it.

How do industry verticals shape IAM priorities?

IAM priorities differ by industry vertical, and a one-size-fits-all approach to IAM doesn’t work when every industry and business within that industry is unique, according to LastPass and Vanson Bourne.

IAM priorities

Each industry vertical has unique business needs, and as a result has different areas of focus when it comes to their IAM program.

Finance focused on reducing risk, while integrating IAM infrastructure

Financial service organizations deal with higher stakes than most verticals, which inevitably impacts how they manage employee access and authentication.

35 percent of IT professionals in this industry say hackers have gained access to their organizations in the past, which is not surprising given financial institutions experience the highest cybercrime costs out of all verticals at an average of $18.3 million per year.

According to the report, 70 percent of IT professionals in the finance industry say that reducing risk is a top priority and 65 percent state that integrating security infrastructure is their biggest area for improvement.

IT focused on IAM security benefits and prioritizes MFA

As information technology businesses are close to IAM software and managing customer’s data, it’s clear their relationship with technology impacts their IAM strategy. 77 percent in this industry say securing data is their top priority, while improving identity and access management is less of a focus with 61 percent noting that as a priority.

28 percent of IT and security professionals in this industry said they are planning to invest in multi-factor authentication (MFA) solutions which will help address their security challenges because MFA helps ensure only the right employees are able to access sensitive data.

IAM priorities

Media needs a secure, automated way to manage user access

Mass communication companies work with an array of external consultants to execute their programs, which leads to a wide array of users, both internally and externally, accessing business resources which complicates IAM.

34 percent of IT professionals in this industry say managing user access is important to their organization, compared to the overall average of all industries (9 percent). 44 percent say end users are demanding an easier to use solution and 49 percent say automating IAM processes is an area for improvement.

“Finance is focused on reducing risk and integrations, IT is prioritizing the security components of IAM, whereas media is focused on improving employee productivity.,” said John Bennett, General Manager, Identity and Access Management Business Unit at LogMeIn.

“It’s clear that flexibility, breadth of functionality and ease of use are critical so businesses can customize their IAM strategy in alignment with their business objectives. Organizations need to evaluate what their business needs are and build their IAM strategy based on those requirements.”

Beware of phishing emails urging for a LogMeIn security update

LogMeIn users are being targeted with fake security update requests, which lead to a spoofed phishing page.

“Should recipients fall victim to this attack, their login credentials to their LogMeIn account would be compromised. Additionally, since LogMeIn has SSO with Lastpass as LogMeIn is the parent company, it is possible the attacker may be attempting to obtain access to this user’s password manager,” Abnormal Security noted.

The fake LogMeIn security update request

The phishing email has been made to look like it’s coming from LogMeIn. Not only does the company logo feature prominently in the email body, but the sender’s identity has been spoofed and the phishing link looks, at first glance, like it might be legitimate:

LogMeIn security update

“The link attack vector was hidden using an anchor text impersonation to make it appear to actually be directing to the LogMeIn domain,” Abnormal Security explained.

“Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic. Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”

Advice for users

This LogMeIn-themed phishing campaign is a small one, but users should know that the company has seen an “incredible uptick” in collaboration software impersonations in the past month.

Be careful when perusing unsolicited email, even if it looks like it’s coming from a legitimate source. If you have to enter login credentials into a web page, make sure you landed on that page by entering the correct URL yourself or by opening a bookmark – and not by following a link in an email.

In this particular case, you can be sure that if LogMeIn asks you to update something, the request/reminder will be shown once you access your account, so you’re not losing anything by ignoring the email and the link in it.

Password psychology: People aren’t protecting themselves even though they know better

People aren’t protecting themselves from cybersecurity risks even though they know they should, a study on password psychology by LogMeIn reveals.

password psychology

Password psychology

Year after year there is heightened global awareness of hacking and data breaches, yet consumer password behaviors remain largely unchanged. Data from the survey shows that 91 percent of people know that using the same password on multiple accounts is a security risk, yet 66 percent continue to use the same password anyway.

With people spending more time online, the evolution of cybersecurity threats and the unchanged behavior in creating and managing passwords creates a new level of concern around online security.

The global survey polled 3,250 individuals across the United States, Australia, Singapore, Germany, Brazil, and the United Kingdom and provides evidence that increased knowledge of security best practices doesn’t necessarily translate into better password management.

Global cyber threats continue to skyrocket but password behaviors unchanged

Password behaviors remain largely unchanged from the same study conducted two years ago — translating to some risky behaviors. 53 percent report not changing passwords in the past 12 months despite a breach in the news.

And while 91 percent know that using the same password for multiple accounts is a security risk, 66 percent mostly or always use the same password. This is up 8 percent from our findings in 2018.

Security-conscious thinking doesn’t translate to action

The data showed several contradictions, with respondents saying one thing and in turn, doing another. 77 percent say they feel informed on password best practices, yet 54 percent still try to memorize passwords and 27 percent write them down somewhere.

Similarly, 80 percent are concerned with having their passwords compromised, and yet 48 percent never change their password if not required.

Fear of forgetfulness, number one reason for password reuse

Most respondents (66 percent) use the same password for multiple accounts, which surprisingly has gone up 8 percent from our 2018 findings. Why? The fear of forgetting login information continues to be the number one reason for password reuse (60 percent), followed by wanting to know and be in control of all of their passwords (52 percent).

password psychology

Awareness and usage of MFA increasing

The good news is there is broad awareness and usage of multifactor authentication (MFA). Fortunately, 54 percent say they use MFA for their personal accounts and 37 percent are using it at work. Only 19 percent of survey respondents said they did not know what MFA was.

Respondents are also very comfortable with biometric authentication – using your fingerprint or face to login to devices or accounts. 65% said they trust fingerprint or facial recognition more than traditional text passwords.

“During a time where much of the world is working from home due to the disruption caused by the COVID-19 pandemic, and people are spending more time online, the cyber threats facing consumers are at an all-time high. Individuals seem to be numb to the threats that weak passwords pose and continue to exhibit behaviors that put their information at risk,” said John Bennett, SVP & GM of Identity and Access Management at LogMeIn.

“Taking just a few simple steps to improve how you manage passwords can lead to increased safety for your online accounts, whether personal or professional. Make World Password Day 2020 the tipping point for a change in your password behavior.”

Cybersecurity in a remote workplace: A joint effort

The reaction to the COVID-19 pandemic has disrupted every aspect of life across the globe and many companies now find themselves with fully remote workforces.

With so many employees now working from home, business networks have been opened to countless untrusted networks and – potentially – some unsanctioned devices. Naturally, the question of security arises given the need to ensure that employees are well prepared for the challenges associated with remote work. It also means that businesses must be certain that their security infrastructure is well geared to secure personal and corporate data.

So, in the context of a remote workplace, how can organizations improve their cybersecurity and prevent workers falling prey to hackers?

The hacker’s way in

The remote workplace provides hackers with an increased number of possible attack routes, all of which organizations need to have on their radar. Chief among these concerns is the matter of authentication and authorization.

Last year was the worst on record for the number of data breaches resulting in exposed records and login credentials, and this trend shows no signs of stopping.

Meanwhile, attempted phishing attacks have been an equally common occurrence among workers, who are now receiving more emails than ever before. We’ve seen a sharp spike in phishing attacks and malicious fake domains as hackers attempt to capitalize on the situation, slipping in among legitimate correspondence and imitating colleagues to harvest credentials.

These two security concerns alone highlight the importance of workers staying vigilant and maintaining security awareness in their everyday work. By this we mean ensuring that passwords are randomly generated and unique across different accounts and that they’re using multi-factor authentication wherever possible. Doing so will help prevent attackers from tapping into computers, mobile devices and home wireless networks where they can access sensitive information.

Keeping cybercriminals at bay

When it comes to heightened security risks, businesses must always be thinking about the financial and reputational implications of any sensitive information being exposed. But how can they stay ahead of the hackers?

It falls on businesses to ensure that their security infrastructure is up to the challenge. This means having adequate access to critical resources through SaaS provided services, remote support for field workers, and a security architecture that functions in hybrid operations environments. For companies that have not transitioned to a remote-enabled, open network security architecture for at least some staff, this will likely be a fairly significant challenge.

But beyond this, it involves a culture of security awareness engrained throughout the company. Changes to the security infrastructure must be communicated to staff openly and transparently, as well as coordination between IT, security, HR and operations to ensure there are no gaps in security.

In addition to this, the onus falls on employees to ensure that their security hygiene is up to scratch. The human element is often the weakest link in the security chain, with workers failing to take basic steps to protect themselves against cybercriminals. Employees must adhere to and understand their employer’s security goals and guidelines, engaging in security training and awareness programs to drive cybersmart behavior at home. Doing so will go a long way in helping to keep an organization secure, fending off viruses and other malware.

Tools at your disposal

There are a large number of tools available to help organizations along the way. For example, password managers are an easy solution which can be quickly and seamlessly integrated into existing workflows. Additionally, they often also include multi-factor authentication features that provide additional security measures when people are logging in from different locations than normal.

Implementing these solutions kills two birds with one stone, by also enabling users to generate and store unique passwords for every login. The username and passwords are then stored within a secure vault, where they’re organized and encrypted for safekeeping and ease of access. By using solutions like password managers and turning on multi-factor authentication where available, users can improve their password hygiene, limiting the risk of being hacked.

Remote work done the right way

Ultimately, creating a stronger online security posture takes time and lots of education, but under the current circumstances, we all need to play our part. Businesses must be sure that their security infrastructure can handle the challenges of a remote workforce. But equally, every worker must understand that poor password hygiene, whether it’s failing to change a default password, password reuse or using weak credentials greatly increases the chances of being hacked.

What’s more, they must use security training and awareness programs to drive “cyber smart” behavior not only at work but also at home. Keeping your organization secure should be a priority in any circumstance, but it becomes even more relevant as remote working becomes the norm. When keeping employees and your organization secure, considering the necessary measures to account for this new way of working will go a long way.

LogMeIn updates its LastPass Identity solution with passwordless login for business customers

LogMeIn announced the next major update to its recently released LastPass Identity solution that introduces new ways for an employee to access their work without needing to type a password. This release marks the next phase in the company’s longer-term strategy to redefine cloud identity and expand LastPass for Business into a complete identity offering.

Building on its industry-leading enterprise password management technology, LastPass Identity now delivers a complete passwordless login experience for employees across applications, VPNs and devices (PCs, Macs, Android & iOS mobile devices) through device-native biometric authentication, single sign-on and federated identity integrations, all while giving IT complete control over every access point.

When passwords are estimated to be the root cause of 80 percent of all data breaches and IT is spending approximately four hours per week on password management-related issues alone, it’s clear that passwords continue to be a source of many security risks and employee frustrations.

Going passwordless with LastPass Identity introduces new ways for employees to securely log in to their work accounts and devices without a password in sight, thus eliminating many password-related risks, leading to higher security and employee productivity, while also freeing up resources for IT.

New updates designed to eliminate the need for passwords for end users

Workstation Login: Using the secure, device-native biometric authentication technology of LastPass MFA, Workstation Login enables employees to log into their PCs and Macs using only biometrics, without ever having to type a password.

Eliminating the password results in an improved user experience for employees – a login that is more seamless and secure than a traditional username and password. It also enables IT to implement biometric authentication across every business-critical work device to remain confident that only the right employees are logging in.

With this feature comes “Offline Mode,” which enables employees to securely authenticate their identity no matter where they are – even when they are traveling or without internet – which helps improve security and employee productivity from everywhere.

Okta & Azure AD Federation: LastPass is expanding its portfolio of federated identity integrations to give IT teams greater flexibility to integrate LastPass into existing IT ecosystems to offer employees a passwordless experience, regardless of their current identity provider.

LastPass’ business solutions now support federation with Okta and Azure Active Directory in addition to Microsoft Active Directory. Organizations who use Okta, Azure AD or AD as their identity provider can now federate into LastPass so that once employees are logged into their identity provider, the LastPass Master Password is no longer needed.

“For over a decade, LastPass has made it easier for thousands of businesses and millions of users to improve their password security and safeguard their digital assets.

“The truth of the matter is, passwords aren’t fully going away; there are still some use cases where you have to manage passwords behind the scenes in order to provide that passwordless login experience for the user,” said John Bennett, SVP & GM of Identity & Access Management at LogMeIn.

“As a leader in managing passwords, we believe we are uniquely positioned to help businesses provide the best balance of strong security and user experience. Our LastPass Identity solution does that by enabling IT to manage every password behind the scenes while also giving employees a simple, truly passwordless experience.

“We are committed to continuing to build on our identity and access management capabilities designed to enable businesses to simply and securely address current and emerging access and authentication challenges.”