By: Jean Chorazyczewski, InCommon Academy Director
Estimated reading time: 6 minutes
In a time where digital security is paramount, higher education institutions face unprecedented challenges in protecting their vast digital ecosystems. From student records to groundbreaking research data, the stakes have never been higher.
Enter passkeys: a revolutionary approach to authentication that promises to enhance security and simplify the user experience — an uncommon pairing in the realm of cybersecurity.
The Urgent Need for Passwordless Authentication in Higher Education
Recently published statistics paint a stark picture of the current cybersecurity landscape in academia:
- Phishing attacks are the #1 source of cyber attacks (CISA, 2023)
- 75% of ransomware attacks begin with email phishing (CUTimes, 2023)
- Higher education institutions face an average ransomware remediation cost of $1.42 million (Educause, 2023)
These numbers underscore a critical vulnerability in current authentication systems. Passwords, a cornerstone of digital security, have become a potential liability in the face of increasingly sophisticated cyber threats.
But what exactly are passkeys, and how do they differ from traditional passwords?
Unlike passwords, which are secret strings of characters that users must remember and manually enter, passkeys are cryptographic key pairs that provide a more secure and user-friendly authentication method. Passkeys leverage biometric or device-specific authentication, eliminating the vulnerabilities associated with traditional passwords while significantly enhancing the user experience.
UMBC’s Pioneering Journey with Passkeys
To dig deeper into this issue and explore innovative solutions, we’ve invited two experts to share their insights in an upcoming IAM Online webinar:
Passkeys: What You Should Know and UMBC’s Implementation Journey
Wednesday, September 18, 2024, 1:00 PM ET
Join Paul Riddle, senior middleware architect at the University of Maryland, Baltimore County (UMBC), and Drew Capener, software engineer at Omnibond, as they provide a comprehensive overview of passwordless authentication using passkeys.
Omnibond
University of Maryland, Baltimore County
Role/Title:
- Paul Riddle, senior middleware architect at UMBC
- Drew Capener, software engineer at Omnibond
Number of Years in Current Role:
- Paul Riddle, 16 years
- Drew Capener, 2 years
Total Years at Institution/Organization:
- Paul Riddle, 25 years
- Drew Capener, 2 years
Best IAM Advice Your Ever Received (& from whom):
- (Riddle) It isn’t advice I received from someone else, but something I learned the hard way: Always test changes to your SSO system before rolling them out to production, no matter how innocuous they may seem! There’s nothing worse than hearing from your users that something is broken and then realizing it was your “minor” change that broke it.
The two will talk about deploying this technology in a research and education context, sharing UMBC’s firsthand experience implementing passwordless authentication on their Shibboleth IDP using Omnibond’s passwordless plugin, OmniPasskey.
To preview this discussion on passkeys, we’ve asked our speakers to answer a few key questions:
Paul Riddle: “The urgency of adopting passwordless authentication
in higher education is important. We’re seeing more and more cybersecurity threats, with phishing attacks at
the forefront. These are real risks to our institutions, our research, and our students’
data.
What’s particularly alarming is the rise of AI-powered phishing attempts. These
sophisticated attacks are becoming increasingly difficult to detect, making traditional password-based
systems more vulnerable than ever.
We’re also facing a user experience crisis. Password fatigue
is real, and affects the adoption of important security measures like
multi-factor authentication (MFA). By adopting passkeys, we’re not just boosting security — we’re
improving the user experience for our entire campus community.
Why now? With major tech giants
like Microsoft, Apple, and Google throwing their weight behind passkeys in their 2022 joint announcement,
we’re seeing a major shift in the authentication landscape. Higher education has a unique opportunity to
lead in this transition, setting the standard for secure, user-friendly authentication.”
Drew Capener: “Implementing new authentication systems can
be challenging, especially for institutions with limited resources. We’ve designed OmniPasskey to address these challenges head-on.
One of
the biggest hurdles is integration with existing systems. OmniPasskey operates via a Shibboleth IDP plugin, allowing for seamless
integration with the authentication infrastructure already in place at many
institutions.
Resource constraints are another significant barrier. Many schools just don’t have
the staffpower to develop custom solutions. OmniPasskey bridges this gap by providing an out-of-the-box
solution that’s easy to deploy and manage.”
Paul Riddle: “From our experience at
UMBC, I can attest to these challenges. The newness of passkey technology initially presented a significant
hurdle. Our biggest challenge was finding supporting infrastructure that could work with our existing single
sign-on (SSO) platform, Shibboleth.
For institutions with limited IAM staff resources — which is
most of us — this can be a major roadblock. Some schools making early use of the technology may have
developed their software from scratch, which isn’t feasible for many schools.
This is where
solutions like OmniPasskey become game-changers. They provide that crucial bridge, making passkey technology
accessible to a much broader range of institutions.”
Paul Riddle: “Our journey with passkeys has taught us that successful deployment goes far beyond the technical implementation. It’s a major user-facing change that requires careful coordination across multiple groups within the IT department, from identity management and security teams to our front-line help desk staff.”
Paul Riddle: “My primary advice would be: take it slow and be
deliberate in your approach. Start small with a group of tech-savvy early adopters who can provide valuable
feedback. Use this initial phase to iron out any kinks in your deployment process and gather insights on
user experience.
As you gradually widen the net, maintain open lines of communication. Ensure
that your help desk staff are well-informed and prepared to assist users with the transition. Remember, for
many users, this will be their first encounter with passkey technology. Clear communication about what to
expect and how to use the new system is key to successful adoption.”
Paul Riddle: “First and foremost, we want attendees to understand
the critical importance of deploying passkeys from a security standpoint. The threats we face are evolving
rapidly, and passkeys offer a robust defense against many of the most urgent cybersecurity
challenges.
Secondly, we hope to demystify the implementation process. Many institutions might be
hesitant, thinking that deploying passkeys is a complex, resource-intensive process. We want to show that
with the right approach and tools like OmniPasskey, the transition can be more straightforward than you
might think.”
Join us for IAM Online
Don’t miss this opportunity to learn from UMBC’s experience and gain invaluable insights into the future of campus authentication. Please join us online for “Passkeys: What You Should Know and UMBC’s Implementation Journey” on Wednesday, Sept. 18, 2024 at 1:00 p.m. ET.
- Have you already registered for IAM Online in the last year? You will automatically receive Zoom coordinates for current and future IAM Online webinars—you only need to register once.
- Yet to attend an IAM Online webinar? Register today for free!
- Webinar details will be emailed directly to all registrants on the morning of the event.
Do you have ideas for IAM Webinars you would like to watch? Fill out this form and let us know what you’d like to see.