Many enterprises are planning to shift towards passwordless authentication for their managed Chromebooks. Passwords have been proven to be a weak form of security, so it’s in everyone’s best interest to adopt a passwordless form of authentication.
There are several forms of passwordless authentication to choose from, including Digital Certificates, biometrics, and hardware token codes. However, the most secure option will always be a combination of the above; combining several authentication methods is called multi-factor authentication (MFA).
Fortunately, it’s pretty simple to improve your Google Chromebook authentication security – without huge network overhauls. Want to learn more? Read on to learn about protecting Chromebooks with 802.1X on a WPA2-Enterprise network.
Types of passwordless authentication:
One-time code (one-time password / OTP) authentication
During authentication, the user enters their mobile number or email address and then receives a message containing a one-time code. The user authenticates to the service by entering that code.
While it technically does include a password, the one-use nature of the code and the inherent MFA make it a reasonably secure option.
Magic Link
A magic link is a link that the user can use only once during the authentication process. The user receives the hyperlink at their associated mobile number or email address and can authenticate without entering a password.
Biometrics
Biometrics are a common type of passwordless authentication that allows the user to authenticate to the service using a “who you are” factor of authentication. Typically, biometrics take the form of a fingerprint scanner or face scanner, but may also simply be a touch-enabled key (such as the YubiKey biometric security key).
X.509 Digital Certificates
Digital certificates are currently the most powerful method of authentication security because they rely on ironclad asymmetric cryptography. Certificates have to be created and managed by a Public Key Infrastructure, but they are a 1:1 replacement for passwords with enormous UX and cybersecurity benefits.
Benefits Of Using Certificates for Passwordless Authentication
Eliminate Phishing Attacks
Phishing is the most common type of cyber security attack in which attackers impersonate someone in order to manipulate the victim. S/MIME, a certificate-enabled security measure, is a critical defense against phishing emails – it identifies that the sender is who they say they are, and that the email hasn’t been tampered with en route.
Improve User Experience
Password management is the bane of everyone’s existence – end users and admins alike. What if I told you there was a better way?
Certificates, unlike passwords, do not have a passphrase that needs to be remembered. They also don’t need 60-day password reset policies, since certificates can’t be moved or stolen from a device. Our customers see up to a 50% decline in support tickets after switching to certificates – just by eliminating password-management-related issues.
Enhance Network Visibility
Perhaps the best advantage of certificates is that they give unparalleled identity context about the user or device they are distributed to. They carry all kinds of (customizable) information about the entity they represent, and can be monitored to facilitate network visibility and enhanced tracking and analytics. Furthermore, you can use certificates to authenticate to many applications or cloud services, extending your visibility beyond your own network.
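The identity context described above can be read straight from a client certificate, but it is only meaningful once the certificate has been validated against your own CA. The following Go program is an added illustration, not SecureW2 or Google code; the CA name, device name, email address and function names are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign issues tmpl for pub, signed by signer on behalf of parent (constructed, 24 h validity).
func sign(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Describe returns identity context only if c chains to a trusted CA and allows client auth.
func Describe(c *x509.Certificate, roots *x509.CertPool) (string, error) {
	if _, err := c.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err
	}
	return fmt.Sprintf("device=%s user=%v issuer=%s", c.Subject.CommonName, c.EmailAddresses, c.Issuer.CommonName), nil
}

// Demo checks a CA-issued Chromebook certificate and a self-signed copy with the same identity fields.
func Demo() (string, error) {
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Device CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	devT := &x509.Certificate{SerialNumber: big.NewInt(4242), Subject: pkix.Name{CommonName: "chromebook-0042"},
		EmailAddresses: []string{"alice@example.com"}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devKey, _ := ed25519.GenerateKey(rand.Reader)
	ca := sign(caT, caT, caPub, caKey)
	good := sign(devT, ca, devPub, caKey)
	forged := sign(devT, devT, devPub, devKey) // self-signed: same fields, no trusted issuer
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	id, _ := Describe(good, roots)
	_, err := Describe(forged, roots)
	return id, err
}

func main() { fmt.Println(Demo()) }
```

The CA-issued certificate yields a log-ready identity string, while the self-signed copy carrying identical subject fields is rejected before any of its fields are read.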
Passwordless Authentication for Chromebooks
Passwordless authentication for Chromebooks via X.509 digital certificates is the best way to improve both your network authentication security and end-user experience in one fell swoop. You can configure certificates for access not just to Google identities, but also for desktop, Wi-Fi, or VPN login.
You can configure Chromebooks with certificate-based authentication (CBA) with or without Google Workspace. A vendor-neutral option like SecureW2 can integrate into your existing infrastructure to establish a PKI without forklift upgrades, simultaneously tying together your network security stack.
Want to know what that looks like? Below are the steps for configuring passwordless authentication for Chromebooks using SecureW2 and Google Workspace.
How to Configure Google Admin Console for Certificate Enrollment:
The Google Admin Console lets the admin access and manage their Google Workspace services. We will configure certificate enrollment for a sample device. After the configuration, the Chromebook verifies the access token and can verify the certificate for enrollment from the end user.
Steps to allow access to SecureW2 Account for Google Chrome Verified Access:
- To access the service account for enrolling the certificate, select Device Management -> Chrome -> Management -> Device Settings -> Enrollment & Access -> Verified Access.
- Select Enable for content protection from the drop-down list in the Verified Access Field.
- Select the required verified mode for the verified access from the drop-down list in the Verified mode field.
How to Configure the JoinNow MultiOS Extension for Certificate Enrollment from the Google Admin Console:
The User Admin should install the SecureW2 JoinNow MultiOS Extension on the Chromebook. Through JoinNow MultiOS Extension, the admin can enroll the certificate with a few simple steps. The JoinNow MultiOS will configure the Google Admin Console to install the Chromebook.
Steps to Configure the JoinNow MultiOS Extension From Google Admin Console:
- In the Google Admin Console, select Chrome Management, click User and Browser Settings, and then click Apps and Extensions.
- Select the organizational unit (OU) on the left panel side and go to the USERS & BROWSERS section.
- Click the + option in the add Chrome app or type the extension ID in the ID pop-up, and then click Save.
The User Admin will receive the digital certificates after the successful enrollment and the configuration of JoinNow MultiOS from the Google Admin Console.
It’s that simple!
Enable Passwordless Authentication for Chromebooks
Passwordless authentication offers a better user experience and helps to decrease the time and cost of managing Chromebooks. Passwords can be replaced with digital certificates, which provide better security and safeguard your device from cyberattacks.
SecureW2’s Cloud PKI (and complementary Cloud RADIUS) are the solution to enable passwordless, cloud authentication for your Chromebook fleet. We have affordable options for organizations of every size.