ITSC introduced Passwordless Strategy in 2020 Fall issue of Channel and it went pilot in late 2021. For users that are interested, you can now opt-in to try passwordless authentication.
Besides, we have recently extended the scope of Passwordless authentication to CAS logon (or SSO) and users are able to enjoy a seamless passwordless experience. Password will only be needed in very rare occasions. Passwordless is positioned as an alternative to DUO 2FA, providing same level of security protection with better convenience. See below reasons why password-based authentication is obsolete:
- Password is inconvenient, especially if complex combination is required
- long password is hard to remember
- non-alphabet password is difficult to type, especially when using mobile
- Security weakness - easily being attacked because you type it on many different devices and in many occasions, increasing the chance of being eavesdropped
- Need to be coupled with 2FA to make the authentication process secure, making it cumbersome
- Overall, it is costly for both users and IT support
Implementation in HKUST
ITSC implemented Passwordless using Microsoft technology in the following services.
| Browser-based SSO (CAS logon) using Microsoft Authenticator APP | Window 10/11 Sign On using Window Hello for Business (WHFB) | |
| Introduction | Microsoft Authenticator is a mobile app for Azure MFA and Passwordless. In a situation if the Authenticator app cannot be used or network is not available, the login flow can fall back to password and MFA. |
|
| Usage Scenarios | Sign on CAS and Office 365 apps with your mobile only, usually with the added security of biometric verification available in your mobile device |
|
| Requirements |
|
|
| Getting Start |
|
|
| Note |