10,000 employees at Stanley Black & Decker go passwordless
Here’s how TruU’s Passwordless Protection could make hybrid work easier and beef up security in the enterprise.
We all know the frustration of trying to log into an account—work email, content management system, messaging platform—and being locked out because we forgot our password. But not only are password logins a hassle, they also pose a real security threat: Hackers are constantly finding new ways to figure out our passwords and gain access to important data. Stanley Black & Decker has been working with TruU since 2018, and the passwordless protection they offered “sounded too good to be true,” said Rhonda Gass, VP and chief information officer.
“We constantly face the challenge of cybersecurity controls, compliance controls and constraints, passwords and identity management, and we want to be innovative,” Gass said. By using TruU’s technology, she believes the company will free up employees to innovate.
The product, TruIdentity Cloud, is application-wide, which was an appealing factor, Gass said. That means it’s starting out with PCs, but will move to Macs, virtual desktops, and anything SSO-enabled.
TruU’s AI-based system uses “seamless presence-based identity using environmental and biometric factors,” according to the company. It’s an end-to-end use case with enterprise-wide coverage, physical authentication, continuous identification, and self-service tools.
Passwordless security is on the rise—check out our previous reporting on other companies offering tools to move us toward a passwordless future—and will likely include a mix of multifactor authentication like biometric verification, and passive signals that may ask a user for additional verification.
“The market is more digital now than ever before,” said David Mahdi, Gartner Research VP. But passwords have “massive usability issues. We can’t move towards a digital future if we’re using the archaic approach of using passwords.”
It makes no sense for devices like smartwatches to require long passwords, Mahdi said.
While a lot of the vendors out there focus on “logical use cases,” such as logging into Windows or cloud-based environments, Mahdi said, Stanley Black & Decker is doing something “unique” by offering the “potential to converge physical and logical access”—meaning a device could use facial recognition or a fingerprint, for instance, to double-check the identity of the user, in case something appears fishy.
Stanley Black & Decker’s move to passwordless is “another strong data point that, ‘hey, organizations are sick and tired of this,’” Mahdi said. While companies could choose to spend their money in many different ways to strengthen security, he thinks that going passwordless offers a great “bang for your buck.”
“Frankly, dealing with authentication or passwordless does really have a measurable, positive impact on your overall security,” he added.
Especially as employees move to the hybrid workspace, ensuring security and easing the login process is a top priority. The move is part of Stanley Black & Decker’s “defense-in-depth approach,” Gass said. “We need protection across the whole landscape.”
Previously, employees at Stanley Black & Decker were saddled with long, complex passwords, which needed to be changed frequently. “We didn’t want the password to be so complex that people were writing them down on sticky notes and carrying them around with them,” Gass said. “And now, we don’t have to worry about that.”