Microsoft has been touting their new password-less authentication technology and integration with hardware vendors. If you have not seen what this is all about, I suggest you watch this Ignite session from late last year to understand some of the principals. In summary, whether it is using biometrics in conjunction with Microsoft Hello technology, or a smartphone to provide a form of two-factor authentication (potentially FIDO compliant), the concept is the same – you are using unique traits about yourself, the technology you have in your possession, and strong cryptography to verify your identity.
But here is the rub. What if this works perfectly and authenticates you to a system as a Standard User (a security best practice), but you need administrator access to add a printer or execute an application? You have choices like Microsoft LAPS, but that will expose the local administrator password, which creates unwelcome risks. So how do you grant access to a feature or application as an administrator and continue the password-less paradigm? PowerBroker for Windows can make that happen on desktops and servers—even if no biometrics are available.
How PowerBroker for Windows can help achieve password-less authentication
PowerBroker for Windows is a patented solution that can apply application recognition based on user or asset, and is context-aware to elevate a program or operating system feature to administrator (or with a custom token) to precise privileges needed to execute, without requiring a password or responding to a UAC prompt.
When you think about it, this is really a huge deal. Microsoft is enabling users to logon to systems without passwords and PowerBroker for Windows can selectively elevate applications to administrative privilege—all without a single password being entered! And, if the application being elevated needs real domain or local administrative rights due to legacy dependencies, PowerBroker for Windows can seamlessly integrate into PowerBroker Password Safe to retrieve a legacy password via a secure API, and also apply it to the application as a "Run As" without ever exposing the password to the end user. This means that regardless of the application is running locally as an administrator, or must communicate over the network with legacy password-based credentials, it will work as a password-less solution in compliance with Microsoft's latest initiatives to remove passwords from the needs of users.
While the cybersecurity community has identified passwords as one of the weakest security links, initiatives like password-less authentication are designed to bolster authentication and remove the burden from end users. The end result makes it harder for threat actors to compromise credentials and elevate privileges. Using a password-less system just became easy with PowerBroker for Windows since now you can even elevate applications without needing a password.
Morey J. Haber, Chief Technology Officer and Chief Information Security Officer at BeyondTrust
Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.