- Identity Jedi Newsletter
- Posts
- Let's talk about Authentication
Let's talk about Authentication
The 89th Edition of the Identity Jedi Newsletter
Learn AI in 5 Minutes a Day
AI Tool Report is one of the fastest-growing and most respected newsletters in the world, with over 550,000 readers from companies like OpenAI, Nvidia, Meta, Microsoft, and more.
Our research team spends hundreds of hours a week summarizing the latest news, and finding you the best opportunities to save time and earn more using AI.
Shout out to our Sponsor AI Tool Report. Look folks, AI is here to stay so might as well learn all you can. Check out the AI Tool Report newsletter, all the latest in one place!
Hey Jedi, welcome to the 89th edition of the Identity Jedi Newsletter. This week, as we roll through Cybersecurity Awareness month, we are going to dive into the world of authentication. Fitting as this, earlier this week, there was an entire conference about this very subject. Down in lovely Carlsbad, CA, identity nerds ( said with all the love in the world) gathered at Authenticate. Also, some little company that started with an O had their user conference in Vegas. ( I’m kidding, Okta, you know I love you….like a third cousin). In preparation for this, it dawned on me that there is SO much to talk about in terms of authentication. So, I focused on user authentication in this edition and’ll drop a blog on Workload/Machine identity tomorrow. Also, I wanted to talk about some authorization stuff as well, but this thing would have been 10,000 words. So check the Community Blogs for drops on that over the next few days.
LET’S GET TO THE GOOD STUFF!!
But before we do…quick PSA. We are on a mission to get to 1,000 subs by the end of the year. It’s a big goal, but I know we can do it. So, for every edition until we cross it, I’ll add a new section that shows our current count and update us on how we did last week.
GOAL TO 1k!
Current Count: 456
Net New Subs Since Last Edition: -12 🥺
This week's edition
Some news and insights from around the world ( literally) of authentication this week.
CyberRisk TV Coverage of Oktane
WARNING- The video is 3 hours long, but it’s Youtube so you can skip around to the interview parts. Some interesting conversations around the world of AI Agents. ( Did anyone else get a Mr. Smith flashback)
Authenticate Recaps
It’s just like we were there! Ya know just without the ocean breeze, and mild temperatures of Carlsbad, CA. ( No I’m not jealous I wasn’t there, you’re jealous)
Good breakdowns by the FIDO staff on all the things that went down at Authenticate this year
TL;DR Versions:
Day One ( Damn you Amazon,this will forever be a thing to me… if you know you know)
Day 1 of Authenticate 2024 centered around passkey adoption, with panels exploring research on workforce deployment and challenges like complexity and cost. Key sessions included insights from companies like Yahoo, Google, and Microsoft on the benefits of passkeys, user experiences, and technical innovations such as CTAP 2.1. Highlights included the ROI of passkeys, the successful adoption in Japan, and discussions on overcoming fear, friction, and flow in authentication processes. Keynotes emphasized the importance of collaboration to drive passkey adoption globally. ( I’ve got some thoughts on this later)
Day Two
Day 2 of Authenticate 2024 focused on advancements in passkey technology, with speakers from Cisco, Sony, Google, Amazon, and others discussing innovations like device-bound session credentials, passkey autofill, and shared signals frameworks. Notable case studies included Sony PlayStation’s passwordless journey and Amazon’s large-scale passkey deployment. The U.S. Federal Reserve, CISA, and other government entities shared insights into secure authentication. The day highlighted the growing adoption of passkeys across various sectors and the future of passwordless authentication.
Passkey Adoption: Same Challenges, New Stakes – Lessons from IGA
The adoption of passkeys has presented a number of challenges for companies, reminiscent of the hurdles faced in the early days of Identity Governance and Administration (IGA). While passkeys promise a future where we can finally ditch those pesky passwords (goodbye, “Password123!”), many organizations are stumbling at the starting line. The root cause? A familiar one: poor internal communication and lack of stakeholder buy-in.
You’d think we would have learned from the past, but here we are, trying to implement new technologies with the same old missteps. Let’s unpack this and see how some IGA lessons might help us get our passkey game on point.
The Passkey Problem
On paper, passkeys sound like a no-brainer. They’re more secure, convenient, and eliminate one of the most common security weaknesses: bad password habits. Yet, much like when IGA systems were first being introduced, companies are struggling to get everyone on board.
One of the key issues is that passkeys don’t just impact the IT department—they impact everyone. From the intern who’s still trying to remember where the “Any Key” is, to the CEO who probably hasn’t changed their password in years. ( Yes CEO’s we are watching you)
Unlike many backend systems, passkeys sit right in front of users, changing the way they log in, authenticate, and interact with systems.
The trouble comes when organizations underestimate the importance of proper planning, stakeholder engagement, and internal communication. It’s not just about flipping a switch. To adopt passkeys effectively, companies need to clearly understand the use cases, gather input from all corners of the business, and prepare everyone for the change. Sadly, many organizations charge ahead without taking these steps, only to face resistance from confused or frustrated users. Just because WE think it’s cool, and more secure, doesn’t mean the user’s give a shit.
Lack of Internal Communication
Remember when IGA first made its debut? Organizations struggled with understanding exactly what they were trying to govern and why it mattered. That lack of clarity meant that stakeholders—particularly outside of IT—often saw IGA as just another complicated project that didn’t affect them.
With passkeys, we’re seeing the same issues. IT teams understand the value, but many businesses fail to communicate the “why” to end users. And if there’s anything we’ve learned from IGA, it’s that change management is essential. If you don’t communicate the benefits and impact to users, you’ll find yourself staring at a sea of people clinging to their sticky-note passwords like they’re life rafts.
And let’s be real, you can’t just email out a quick “We’re moving to passkeys. Best, IT” memo and expect smooth sailing. People need to understand the how and why—how this change will make their lives easier (no more “forgot password” resets!), and why it’s crucial for security (protecting your company’s data and reducing breaches). Without clear, proactive communication, companies will find themselves running into roadblocks.
Lack of Stakeholder Buy-in
Stakeholder buy-in—or the lack thereof—was a notorious issue during the early IGA days. The problem was often that key stakeholders didn’t see the immediate value. With passkeys, it’s even more critical to gain buy-in early, especially from non-technical teams like HR, legal, and user support teams who are on the frontlines of adoption.
Why is it more critical now? Because passkeys touch so many parts of the organization directly. They’re not just a back-end system upgrade that quietly hums along in the background. Passkeys impact the daily user experience, so if your customer-facing teams aren’t on board and fully educated, the confusion can snowball quickly. And once your users start pushing back, good luck reeling them back in.
The IGA Playbook: How We Can Apply the Lessons
So, what can we learn from our IGA struggles to help smooth the road to passkey adoption? Spoiler: a lot. Let’s break it down:
1. Get Stakeholder Buy-In Early: Just like with IGA, success hinges on getting buy-in from a wide range of stakeholders across the business. From security teams to end users, everyone needs to understand the value passkeys bring. Don’t wait until rollout day to bring them into the fold—start with workshops, demos, and discussions well in advance.
2. Clearly Understand and Articulate Use Cases: Why are you moving to passkeys? What specific problems are you solving? Much like with IGA, you need to outline clear, tangible use cases. Whether it’s reducing password-related security incidents or improving user experience, stakeholders need to see the benefits. This isn’t just about IT; it’s about how the whole business operates.
3. Collaborate with the Business: A top-down approach doesn’t work here. You need cross-functional collaboration. Involve HR, legal, customer support, and other departments early on. Their insights will be crucial in ensuring a smooth transition. Much like IGA implementations that required collaboration to align business processes with security policies, passkey adoption needs that same level of teamwork.
In the end, the same approach that helped IGA succeed can help passkeys take off—stakeholder engagement, clear communication, and collaboration with the business. And who knows, maybe with the right approach, we’ll be able to retire the phrase “forgot my password” for good. Password managers, you might want to start looking for a new gig!
Except you 1Password….we love you pookie, FOREVA
Identity Jedi Show Podcast
The Last Word
Quick Story about Carlsbad, CA. In my formative teenage years, I spent almost every summer there. My family had a place ( still does) right by the beach. I HATED it as a kid. Carlsbad is boring AF, when you are 13 years old. But as I grew older, I came to love it. I try to get there once a year and enjoy the time by the beach and just the Carlsbad of it all. It’s kinda hard to explain, it’s a small city, friendly people, local restaurants, and just everything I love about California. I’m grateful now for all the years I spent with my mom and stepdad hanging out there. Even though then I was an absolute dick about it.
The joys of life.
Moral of the story: We all sucks as kids, give your’s a break. And I just wanted to talk about Carlsbad..lol.
See ya! 👋🏿
Be Good to each other, Be Kind to each other, Love each other
P.S - I’ve been including Audio versions of the newsletter when you read it online. Each time I’ve been selecting a different voice. Be a gem, and check them out and let me know which voice you like best. Also there is one post where I included my voice. Can you find it!?
-Identity Jedi
What did you think of this weeks newsletter? |
Reply