VMWare Brings Derived Credentials to Mobility Space

By Ashley Troutman and Jeff Edwards

Passwords have been protecting us for generations, but lately they’ve become the target of a lot of criticism, and many now say they’re on the way out. But with the password “dead”, how will we secure our information? Well, according to VMWare, we’ll do it with derived credentials.

If you’re not a fan of giving up your fingerprint for biometrics or dealing with multi-factor authentication, you may like the derived credentials concept. It’s free from complex passwords and offers increased security for mobile devices, and it provides a stronger security posture for your environment, according to VMWare.

A Google search of the term will take you to this page: NIST Special Publication (SP) 800-157, which contains a rather intricate description. It is lengthy, too: 33 pages, to be exact.

So VMWare attempted to break it down a bit more. They first highlighted that most people entering an office building use a key card that identifies them and grants entry. In a public sector environment, staff members normally use Personal Identity Verification (PIV) cards or Common Access Cards (CAC). The card is also used to gain access to computers. It typically includes several client certificates, one of which is normally meant for authenticating to the network or back-end systems.

When it comes to mobile devices, things get a bit more complex. Both iOS and Android users first implemented third-party smart card readers, which turned out to be costly. NIST produced the guidelines for deriving PIV credentials for mobile to fix the issue, VMWare reported. The credentials come from an end user’s proven identity and make a card reader unnecessary.

This could be vital for your business as derived credentials improve the authentication process. Help desk calls are reduced and workers are more productive without the frustrations related to lengthy passwords.

“We need derived credentials to drive the complexity out of the end user’s environment. We also need derived credentials to ensure that our data is safer and more secure,” said VMWare.

If you’re interested and want to set up derived credentials with VMWare AirWatch, the vendor says the process is simple. Allow your IT department to configure the correct infrastructure components, and then the end user will be able to complete setup in three steps, VMWare reports:

  • IT admin or the end user generates a secure enrollment token.
  • User completes device enrollment using the secure enrollment token.
  • User authenticates to the AirWatch Self-Service Portal using their CAC/PIV and requests a derived credential.

Once these steps are complete, the end user will have a derived credential on their device. It will be ready to go for authentication into email, WiFi, VPN and/or various third-party applications connected to back-end systems.
