GOAL TO 1k!

Current Count: 460

Net New Subs Since Last Edition: -12 🥺

CyberRisk TV Coverage of Oktane

WARNING- The video is 3 hours long, but it’s Youtube so you can skip around to the interview parts. Some interesting conversations around the world of AI Agents. ( Did anyone else get a Mr. Smith flashback)

Authenticate Recaps

It’s just like we were there! Ya know just without the ocean breeze, and mild temperatures of Carlsbad, CA. ( No I’m not jealous I wasn’t there, you’re jealous)

Good breakdowns by the FIDO staff on all the things that went down at Authenticate this year

TL;DR Versions:

Day One ( Damn you Amazon,this will forever be a thing to me… if you know you know)

Day 1 of Authenticate 2024 centered around passkey adoption, with panels exploring research on workforce deployment and challenges like complexity and cost. Key sessions included insights from companies like Yahoo, Google, and Microsoft on the benefits of passkeys, user experiences, and technical innovations such as CTAP 2.1. Highlights included the ROI of passkeys, the successful adoption in Japan, and discussions on overcoming fear, friction, and flow in authentication processes. Keynotes emphasized the importance of collaboration to drive passkey adoption globally. ( I’ve got some thoughts on this later)

Day Two

Day 2 of Authenticate 2024 focused on advancements in passkey technology, with speakers from Cisco, Sony, Google, Amazon, and others discussing innovations like device-bound session credentials, passkey autofill, and shared signals frameworks. Notable case studies included Sony PlayStation’s passwordless journey and Amazon’s large-scale passkey deployment. The U.S. Federal Reserve, CISA, and other government entities shared insights into secure authentication. The day highlighted the growing adoption of passkeys across various sectors and the future of passwordless authentication.

Passkey Adoption: Same Challenges, New Stakes – Lessons from IGA

The adoption of passkeys has presented a number of challenges for companies, reminiscent of the hurdles faced in the early days of Identity Governance and Administration (IGA). While passkeys promise a future where we can finally ditch those pesky passwords (goodbye, “Password123!”), many organizations are stumbling at the starting line. The root cause? A familiar one: poor internal communication and lack of stakeholder buy-in.

You’d think we would have learned from the past, but here we are, trying to implement new technologies with the same old missteps. Let’s unpack this and see how some IGA lessons might help us get our passkey game on point.

The Passkey Problem

On paper, passkeys sound like a no-brainer. They’re more secure, convenient, and eliminate one of the most common security weaknesses: bad password habits. Yet, much like when IGA systems were first being introduced, companies are struggling to get everyone on board.

One of the key issues is that passkeys don’t just impact the IT department—they impact everyone. From the intern who’s still trying to remember where the “Any Key” is, to the CEO who probably hasn’t changed their password in years. ( Yes CEO’s we are watching you)

Unlike many backend systems, passkeys sit right in front of users, changing the way they log in, authenticate, and interact with systems.

The trouble comes when organizations underestimate the importance of proper planning, stakeholder engagement, and internal communication. It’s not just about flipping a switch. To adopt passkeys effectively, companies need to clearly understand the use cases, gather input from all corners of the business, and prepare everyone for the change. Sadly, many organizations charge ahead without taking these steps, only to face resistance from confused or frustrated users. Just because WE think it’s cool, and more secure, doesn’t mean the user’s give a shit.

Lack of Internal Communication

Remember when IGA first made its debut? Organizations struggled with understanding exactly what they were trying to govern and why it mattered. That lack of clarity meant that stakeholders—particularly outside of IT—often saw IGA as just another complicated project that didn’t affect them.

With passkeys, we’re seeing the same issues. IT teams understand the value, but many businesses fail to communicate the “why” to end users. And if there’s anything we’ve learned from IGA, it’s that change management is essential. If you don’t communicate the benefits and impact to users, you’ll find yourself staring at a sea of people clinging to their sticky-note passwords like they’re life rafts.

And let’s be real, you can’t just email out a quick “We’re moving to passkeys. Best, IT” memo and expect smooth sailing. People need to understand the how and why—how this change will make their lives easier (no more “forgot password” resets!), and why it’s crucial for security (protecting your company’s data and reducing breaches). Without clear, proactive communication, companies will find themselves running into roadblocks.

Lack of Stakeholder Buy-in

Stakeholder buy-in—or the lack thereof—was a notorious issue during the early IGA days. The problem was often that key stakeholders didn’t see the immediate value. With passkeys, it’s even more critical to gain buy-in early, especially from non-technical teams like HR, legal, and user support teams who are on the frontlines of adoption.

Why is it more critical now? Because passkeys touch so many parts of the organization directly. They’re not just a back-end system upgrade that quietly hums along in the background. Passkeys impact the daily user experience, so if your customer-facing teams aren’t on board and fully educated, the confusion can snowball quickly. And once your users start pushing back, good luck reeling them back in.

The IGA Playbook: How We Can Apply the Lessons

So, what can we learn from our IGA struggles to help smooth the road to passkey adoption? Spoiler: a lot. Let’s break it down:

1. Get Stakeholder Buy-In Early: Just like with IGA, success hinges on getting buy-in from a wide range of stakeholders across the business. From security teams to end users, everyone needs to understand the value passkeys bring. Don’t wait until rollout day to bring them into the fold—start with workshops, demos, and discussions well in advance.

2. Clearly Understand and Articulate Use Cases: Why are you moving to passkeys? What specific problems are you solving? Much like with IGA, you need to outline clear, tangible use cases. Whether it’s reducing password-related security incidents or improving user experience, stakeholders need to see the benefits. This isn’t just about IT; it’s about how the whole business operates.

3. Collaborate with the Business: A top-down approach doesn’t work here. You need cross-functional collaboration. Involve HR, legal, customer support, and other departments early on. Their insights will be crucial in ensuring a smooth transition. Much like IGA implementations that required collaboration to align business processes with security policies, passkey adoption needs that same level of teamwork.

In the end, the same approach that helped IGA succeed can help passkeys take off—stakeholder engagement, clear communication, and collaboration with the business. And who knows, maybe with the right approach, we’ll be able to retire the phrase “forgot my password” for good. Password managers, you might want to start looking for a new gig!

Except you 1Password….we love you pookie, FOREVA