Removing Passwords, Without Compromising Security
In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team are forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords. And this is just the cost of resetting passwords. A stolen password can cost a company even more than that.
How can companies safely verify user identities without using passwords? Learn how Cisco did it for our 130,000-employee workforce using our Duo Passwordless solution and how the Duo Care team played a vital role in making that process easy and seamless.
Duo offers an industry-leading passwordless solution. So how did we go about implementing this for a huge enterprise like Cisco? We started with the pre-requisites.
Pre-Requisites
Passwordless uses passkeys and platform authenticators as one of the many ways to secure application access without passwords. Cisco went with the following options, as all of their workforce has devices which support one of the following:
Windows Hello for Windows devices
Touch ID for macOS devices
Face ID or Touch ID for iOS and iPadOS devices
Android Biometrics, such as Pixel fingerprint or facial recognition, or Samsung fingerprint or facial recognition
Duo Passwordless supports Chrome (Desktop and Mobile), Safari (Desktop and Mobile), Edge and Firefox. Since these are standard and supported browsers at Cisco, the decision to move to Duo Passwordless was easy.
Phased rollout
Although most employee devices include supported platform authenticators, not all were enabled. Therefore, Cisco planned the rollout of passwordless in phases across its entire workforce of ~130,000 employees.
Before each of these phases, Cisco did an extensive email campaign and published FAQs on how to enable Platform Authenticators and the security benefits which come with Duo Passwordless.
Phase 1: This was the initial phase, where Duo Passwordless was enabled for a small set of pilot users.
Phase 2: Duo Passwordless was expanded to ~20,000 members of the Cisco Workforce.
Phase 3: Duo Passwordless was expanded to ~60,000 members of the Cisco Workforce.
Phase 4: Duo Passwordless was rolled out to everyone in Cisco.
It took Cisco a total of 10 months from the initial launch of Duo Passwordless to enabling it for all of their workforce. For a company the size of Cisco, this was a fairly quick turnaround from initial Pilot to Duo Passwordless general availability for their entire workforce. Generally, speaking, rollout times vary based on the number of employees, devices capabilities and applications.
How do you track success?
During each phase of the rollout, the Duo Care team worked closely with Cisco IT to provide detailed metrics on user enrollments. These metrics included details on how many users had successfully signed up for Duo Passwordless, how many users had skipped enrollment manually and how many users were auto-skipped due to their devices missing any of the above-mentioned platform authenticators. These metrics helped Cisco IT reach out to the users directly and work with them to get them enrolled with Duo Passwordless.
The other big metric which was tracked was the reduction in help desk tickets for Password resets. Since Cisco made Duo Passwordless generally available for all of its ~130k workforce in August 2023, we have seen ~73,000 users in Cisco enroll in Duo Passwordless. This enrollment has caused the overall number of password reset-related help desk tickets to decrease by ~12%. The Duo Care team is working closely with Cisco to get their remaining workforce enrolled with Duo Passwordless.
Is your organization ready for Duo Passwordless?
If you are just as excited about Duo Passwordless and want to see how it can benefit your organization with better security and reduced password resets, take action today!
For Duo Care Customers:
Send an email to your Customer Success Manager – alongside your dedicated Customer Solutions Engineer, they will be ready to schedule a call to help you get started!
For All Other Paid Subscribers:
View Duo Passwordless Documentation
And if you are interested in adding Duo Care Premium Support to your current contract, please send an email to your Cisco Account Manager.