Let’s face it: passwords are a problem. 

Traditional password-based authentication methods present significant challenges and vulnerabilities in today's digital landscape. Passwords get reused and recycled. Attackers can use partial or expired user information in “credential stuffing” attacks. Keylogging attacks can capture user credentials at the time of input.  

To mitigate the risks of password-based authentication, we layer on multifactor authentication (MFA), which can be done in several ways. Traditionally, this involved either a one-time passcode sent by SMS to a known mobile device, an app that tied back to some managing infrastructure, or a hardware token that generated a one-time passcode. Rubrik Security Cloud already offers robust authentication, with native time-based one-time password (TOTP) multifactor authentication enabled by default for local users, password complexity policies, and support for SAML 2.0-based Single Sign-On (SSO).

But today’s threat environment demands more protection. So Rubrik is excited to unveil the latest advancement in authentication security: Rubrik Security Cloud now supports using passkeys for multifactor authentication. This enhancement offers users a seamless and highly secure way to authenticate their identities, using a passkey (a digital cryptographic credential tied to a user account and a website or application) as another factor in the authentication process. 

Passkeys can enhance users' security posture and streamline the authentication process across all devices and applications. Benefits include:

  • Enhanced Security: Passkeys provide a robust extra layer of security, making it significantly more difficult for unauthorized users to access critical data and systems.

  • Improved User Experience: With passkey-based authentication, users can enjoy a frictionless login experience, without needing to check an app on their mobile device.

  • Compatibility Across Platforms: Rubrik Security Cloud's passkey support ensures seamless integration with a wide range of devices and applications, maximizing user convenience and accessibility.

  • Phishing Resistance: While all methods of MFA are better than simply using username/password for authentication, there are well-documented attacks that target some other MFA methods, including SIM swaps against SMS MFA. Passkeys are highly phishing-resistant by design.

How Passkeys Work with Rubrik Security Cloud:

  1. User Enrollment: Once enabled by an administrator, users can create and register their passkeys securely within Rubrik Security Cloud, associating their unique passkey with their account for future authentication.

  2. User Login With Multifactor Authentication: Users log in with their username and password, then authenticate with their passkey, which can be combined with additional factors such as biometrics or PIN codes for a multi-layered security approach, further bolstering data protection.
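Why the passkey step at login resists phishing where a one-time code does not, as an added example (generic WebAuthn relying-party checks, not Rubrik's code): the browser records the origin it is actually on and the authenticator hashes the relying-party ID the credential is scoped to, so a response produced on a lookalike site fails verification, while a TOTP code carries no such binding. Hostnames and function names are constructed for illustration, and signature verification over these fields is left out.

```python
import base64, hashlib, hmac, json, struct

RP_ID = "rsc.example.com"             # constructed relying-party ID
ORIGIN = "https://rsc.example.com"    # constructed legitimate origin
UP, UV = 0x01, 0x04                   # WebAuthn user-present / user-verified flag bits

def totp(secret: bytes, t: int, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits)."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**6:06d}"

def verify_totp(secret: bytes, code: str, t: int) -> bool:
    # The code is the only input: nothing records which site the user typed it into.
    return hmac.compare_digest(code, totp(secret, t))

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(origin: str, rp_id: str, challenge: bytes, flags: int = UP | UV):
    """Constructed stand-in for what browser and authenticator return at login."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 1)
    return client_data, auth_data

def check_binding(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the failed binding checks (empty list: all passed)."""
    cd = json.loads(client_data)
    failures = []
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    if cd.get("challenge") != b64url(challenge):       # fresh per-login challenge
        failures.append("challenge")
    if cd.get("origin") != ORIGIN:                     # written by the browser, not the page
        failures.append("origin")
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")                    # credential scoped to another site
    if len(auth_data) < 37 or not auth_data[32] & UP:
        failures.append("userPresent")
    return failures

if __name__ == "__main__":
    ch = b"constructed-challenge"
    print(check_binding(*browser_assertion(ORIGIN, RP_ID, ch), ch))
    fake = "rsc.example-login.net"                     # constructed lookalike host
    print(check_binding(*browser_assertion("https://" + fake, fake, ch), ch))
```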

Simplified Multifactor Authentication with Rubrik Security Cloud

By embracing passkey-based authentication through Rubrik Security Cloud, organizations can take a significant step toward a passwordless future. This modern authentication approach enhances security and streamlines user workflows, ultimately driving operational efficiency and reducing the risk of password-related security incidents.

The introduction of passkey-based authentication in Rubrik Security Cloud is a direct reflection of our commitment to the CISA Secure by Design Pledge, particularly our focus on increasing the use of multi-factor authentication across products and reducing the effectiveness of a class of vulnerabilities—credential phishing. By strengthening existing multi-factor authentication support, we are not only reducing attack surfaces but also providing a more secure, seamless authentication experience. 

This advancement underscores our dedication to continually improving the security of our products and delivering on our promise to prioritize the protection of customer data, in line with the industry's highest security standards. 

How Do I Start Using Passkeys? 

Enabling passkey support is super simple: while logged into Rubrik Security Cloud as an administrator, browse to Settings > Security > Multifactor Authentication. You’ll see a switch to enable Passkeys. Flip this switch, and you’ll see some policy options. Depending on your organizational security policies, you can allow or disallow platform passkeys (such as browser-based, Windows Hello, and Apple iCloud Keychain) and/or roaming passkeys (such as YubiKey, Google Titan, or other FIDO2-compliant hardware keys). You can also specify a maximum number of passkeys per user, which can be helpful in scenarios of hardware failure, loss, or when you simply find yourself in a different city and have left your keys at home.
 

[Image: Enable Passkey]


Once enabled by the administrator, local users who are configured for TOTP MFA can go to their User Preferences > MultiFactor Authentication, and from there, create a passkey. Once created, they will be prompted for their passkey on next login. Simple, huh?
 

[Image: Create Passkey]


By offering passkeys as an alternative to the existing TOTP multifactor authentication, Rubrik Security Cloud simplifies the login process for users while maintaining strong authentication and resistance against phishing attacks.
