03 Mar Bye-bye, password frustration: Why TEAL is now going passwordless
Are you still up for the endless “forgot password” loop or the annoying task of changing special characters every few weeks? As security consultants, we see every day that passwords are not only a security risk, but also slow you down massively in your everyday work.
That’s why we at TEAL have decided to put an end to it. And not just in theory for our customers, but by practicing what we preach.
We are currently in the final phase of our internal transition to a completely passwordless environment. Here you can find out how we are approaching this and why it could be the right path for your company too.
Our approach: When we don’t even know our own passwords
Ideally, we want to ensure that we no longer have to deal with this issue.
To achieve this, we at TEAL consistently rely on single sign-on (SSO) via our Microsoft Entra ID tenant. The more services we integrate directly there, the more often we can use scripts to set our account passwords to highly complex random values that are not disclosed to anyone.
The result: We no longer type anything. Access is granted exclusively via modern biometric factors or hardware ownership.
Fabian’s voice: “In our assessments, we repeatedly see how poor password quality can be in some cases. At the same time, managing numerous passwords has become complex. Password managers help, but there must be a better way. That’s why we want to set a good example and prove that it works.”
Why we test this for you (and where the pitfalls lie)
We use the Microsoft ecosystem for this, which we feel at home with anyway. The combination of Windows Hello for Business and Microsoft Authenticator is currently the gold standard for us.
Let’s be honest: the biggest challenge is not the technology in Windows, but the consistent connection of all third-party services to our own identity platform (Entra ID). We still have a few gaps to fill, which is why our password manager can’t quite retire yet.
But we pass on this practical knowledge directly to you. To help you understand where the sticking points are, we have summarized our experiences here:
| Focus Area | Integration Status at TEAL | Target Vision for Your Company |
|---|---|---|
| Microsoft 365 & Azure | 100% passwordless via Entra ID | Complete elimination of passwords |
| Enterprise SaaS (e.g., Intervalid) | SSO via SAML / OIDC active | Seamless login experience |
| Legacy & Niche Tools | Partially still using password managers | Gradual replacement or integration |
| Admin Accounts for Our Machines | Final testing for passwordless login | Maximum protection for privileged access |
Technology that works: The path to truly passwordless authentication
But be careful: MFA does not necessarily mean passwordless. The standard method in Microsoft Authenticator is usually “password + push notification.” This is secure, but it is not yet passwordless.
We go one crucial step further and specifically switch to methods that completely replace the password:
- Windows Hello for Business: Biometrics or a PIN replace the password directly on the end device.
- Authenticator “Passwordless Phone Sign-In”: Instead of password + push, we use the app as the primary factor. Number matching in the app is sufficient; the password is not even requested.
- FIDO2 & passkeys: Wherever possible, we use hardware tokens or device-bound passkeys to prevent phishing.
- Protection against MFA fatigue: Number matching prevents employees from accidentally confirming login requests that they did not initiate themselves.
A look behind the scenes: How we implemented it
We are currently putting the whole thing through its paces in the pilot team before we switch all “Tealies” over. Because for us, consulting means: We only recommend what we ourselves have successfully used in tough everyday project work or have thoroughly tested and documented.
Our steps in practice:
1. Preparation: We enable Windows Hello PIN for all identities (Normal & LADM).

2. Authenticator check: We activate passwordless phone sign-in in the app.

3. The cut-over: Our IT team overwrites the passwords with random values. From here on, there is no turning back for us, only forward toward convenience and genuine security.
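
The cut-over from step 3, as an added PowerShell example (not TEAL's own script): it replaces a password only for accounts that already have a Windows Hello for Business or FIDO2 method registered, and never outputs the generated value. It assumes cloud-only accounts, the Microsoft Graph PowerShell SDK and an existing `Connect-MgGraph` session with rights to read authentication methods and reset passwords; the parameter names and the helper `New-RandomPassword` are hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Users, Microsoft.Graph.Identity.SignIns
# Added illustration, not TEAL's script. Assumes an existing Connect-MgGraph
# session allowed to read authentication methods and reset user passwords.
param(
    [Parameter(Mandatory)][string[]]$UserPrincipalName,  # pilot accounts (assumption)
    [switch]$Apply                                       # without it: dry run only
)
# Registered methods that let the user sign in without typing the password.
$passwordless = @(
    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod',
    '#microsoft.graph.fido2AuthenticationMethod'
)
function New-RandomPassword {
    param([int]$Length = 64)
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#$%*+-=?@_'
    $alphabet = -join $sets
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = [byte[]]::new($Length * 4)
            $rng.GetBytes($bytes)                        # CSPRNG, not Get-Random
            $chars = for ($i = 0; $i -lt $Length; $i++) {
                $alphabet[[int]([BitConverter]::ToUInt32($bytes, $i * 4) % $alphabet.Length)]
            }
            $candidate = -join $chars
            # Retry until all four character classes are present (complexity policy).
            $ok = -not ($sets | Where-Object { $candidate.IndexOfAny($_.ToCharArray()) -lt 0 })
        } until ($ok)
        $candidate
    } finally { $rng.Dispose() }
}
foreach ($upn in $UserPrincipalName) {
    $types = Get-MgUserAuthenticationMethod -UserId $upn |
        ForEach-Object { $_.AdditionalProperties['@odata.type'] }
    if (-not ($types | Where-Object { $_ -in $passwordless })) {
        Write-Warning "$upn has no Windows Hello or FIDO2 method registered; skipped."
        continue
    }
    if ($Apply) {
        # The value goes straight into the request and is never stored or printed.
        Update-MgUser -UserId $upn -PasswordProfile @{
            Password                      = New-RandomPassword
            ForceChangePasswordNextSignIn = $false
        }
    }
    [pscustomobject]@{ User = $upn; Scrambled = [bool]$Apply }
}
```

Run it without `-Apply` first to see which accounts would be skipped. Authenticator registrations are deliberately not counted, on the assumption that a registered app alone does not show that phone sign-in was activated.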
A voice from our everyday consulting work: “I was skeptical at first, but it really works great. I still have to use a traditional password for certain apps, but hopefully the manufacturers will change that soon.”
What do you get out of it?
Whether you’re a small business or an enterprise, you face the same challenge as we do. How do you protect your company data without driving your employees crazy?
Through our own project, we gather insights that you won’t find in any manual. We now know exactly where the stumbling blocks lie when switching admin accounts and how to maintain high acceptance within the team. This knowledge flows directly into our consulting services for you.
Interested in a passwordless future? Take a look at Microsoft’s official approaches or contact us directly. We would be happy to show you live how we solved this at TEAL.