The challenges are many. Beyond legacy industrial systems, homegrown apps, door/facility access systems, and IoT, even routine workgroup deployment of passwordless solutions is anything but routine. Different operating systems and specialized access requirements typically translate to enterprises needing to roll out multiple passwordless packages, which can be expensive and time-consuming, and create operational delays and other friction. Worst of all, it can create new security holes as attackers try to slip between the cracks of those multiple passwordless systems.
Security analysts and practitioners see most enterprises able to cover anywhere from 75% to 85% of their threat landscape with existing passwordless options. But that last 15%, which includes the most passwordless-resistant systems, is where the real headaches materialize.
“It will be difficult to close that last 15% especially in operational technology environments with embedded systems and industrial controls,”says Will Townsend, a VP and principal analyst at Moor Insights & Strategy. “The lift will be particularly difficult with OT, IoT, and embedded Linux. And anything in the manufacturing space.”
