BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    Use Cases and Industries
    See All Products
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Password-less Authentication for Administrators Using PowerBroker for Windows

April 30, 2018

  • Blog
  • Archive

blog-password-less-authentication.jpg

Microsoft has been touting their new password-less authentication technology and integration with hardware vendors. If you have not seen what this is all about, I suggest you watch this Ignite session from late last year to understand some of the principals. In summary, whether it is using biometrics in conjunction with Microsoft Hello technology, or a smartphone to provide a form of two-factor authentication (potentially FIDO compliant), the concept is the same – you are using unique traits about yourself, the technology you have in your possession, and strong cryptography to verify your identity.

But here is the rub. What if this works perfectly and authenticates you to a system as a Standard User (a security best practice), but you need administrator access to add a printer or execute an application? You have choices like Microsoft LAPS, but that will expose the local administrator password, which creates unwelcome risks. So how do you grant access to a feature or application as an administrator and continue the password-less paradigm? PowerBroker for Windows can make that happen on desktops and servers—even if no biometrics are available.

How PowerBroker for Windows can help achieve password-less authentication

PowerBroker for Windows is a patented solution that can apply application recognition based on user or asset, and is context-aware to elevate a program or operating system feature to administrator (or with a custom token) to precise privileges needed to execute, without requiring a password or responding to a UAC prompt.

When you think about it, this is really a huge deal. Microsoft is enabling users to logon to systems without passwords and PowerBroker for Windows can selectively elevate applications to administrative privilege—all without a single password being entered! And, if the application being elevated needs real domain or local administrative rights due to legacy dependencies, PowerBroker for Windows can seamlessly integrate into PowerBroker Password Safe to retrieve a legacy password via a secure API, and also apply it to the application as a "Run As" without ever exposing the password to the end user. This means that regardless of the application is running locally as an administrator, or must communicate over the network with legacy password-based credentials, it will work as a password-less solution in compliance with Microsoft's latest initiatives to remove passwords from the needs of users.

While the cybersecurity community has identified passwords as one of the weakest security links, initiatives like password-less authentication are designed to bolster authentication and remove the burden from end users. The end result makes it harder for threat actors to compromise credentials and elevate privileges. Using a password-less system just became easy with PowerBroker for Windows since now you can even elevate applications without needing a password.

For more on how PowerBroker for Windows can help, request a demo or contact us today.

Photograph of Morey J. Haber

Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Identity, Credential, and Access Management (ICAM) Architecture

Whitepapers

Four Key Ways Governments Can Prepare for the Growing Ransomware Threat

Whitepapers

The Operational Technology (OT) Remote Access Challenge

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.