Home Office says goodbye to passwords; boosts biometric authentication

Homeworking driven by the COVID-19 pandemic has caused companies to start implementing biometric authentications with their employees, rather than having employees use conventional passwords. According to Cisco's Duo Security, companies have begun to take steps to retire the password method on computers from which employees work remotely, as it is a technology that appears to be in a stage of obsolescence.

The study reveals that while the total number of two-factor or multi-factor authentications increased 39% in the last year, biometric authentications grew even faster, at 48% in the same period. The report notes that biometrics were enabled on more than 71% of Duo Security customers' cell phones, illustrating an increase in adoption driven by growing user acceptance of non-traditional authentication methods and the accessibility of the passwordless hardware they already carry in their pockets.

Moreover, employees and users prefer to also access their devices with biometric authentication rather than learning and retaining passwords for all their devices such as phones or computers. Duo also saw a five-fold increase in the use of web authentication (WebAuthn) since April 2019, when the World Wide Web Consortium (W3C) first published the open standard. WebAuthn allows biometrics to be securely stored and validated locally on the device, rather than in a centralized database.

"We have reached a point where the user experience is a security control in itself. Enterprises are moving toward new and more effective ways of handling access control and seeing in action how the democratization of security can go a long way toward enabling hybrid workers to focus on their core competencies without sacrificing security." - Dave Lewis, Cisco Global CISO Advisor

Duo's 2021 Trusted Access Report analyzed data from more than 36 million devices, more than 400 thousand unique applications, and approximately 800 million monthly authentications across Duo's global customer base, this includes data from the Latin American region. It revealed how organizations across all industries are enabling work from anywhere, on any device, by implementing controls to ensure secure access to applications.

On the other hand, the study reveals that during the pandemic, the use of virtual private networks increased, which serve to more securely access company information thanks to the creation of a kind of "tunnel" between the employee and the company; however, fraudulent access attempts grew 2.4 times during the same period and are still high 18 months later. Cisco noted that because of these threats, organizations are establishing stricter policies to verify the user and device security before granting access to applications. The number of authentication failures due to out-of-date devices increased 33% between 2020 and 2021.

"Ditching passwords will significantly improve the login experience for the vast majority of users, which in turn will result in improved security. More than half of organizations are planning to implement a password-free strategy, according to a new survey of global technology decision-makers."

"Forty-six percent of respondents said that security issues related to compromised credentials are the most frustrating or worrisome aspect of password management in their environment," the study added.

These are the new rules for the home office in Mexico

As of January 11, 2021, the new rules for performing home offices are in effect in Mexico, after the Federal Labor Law was reformed to include new rules for companies to follow so that their employees can perform their tasks at home.

The confinement, derived from the COVID-19 pandemic, has allowed faster regulation of work at home, so the legislature approved these modifications that even define teleworking as the activities performed by employees in facilities other than those your company has to perform their tasks. The definition of a home office also includes assignments for which new communication and information technologies are required.

The modality of working from home will have to be part of the collective contract in case there are unions, otherwise, it must be included in the internal work regulations. In addition to defining the salary, dates, and forms of payment, job description, equipment, and supplies necessary to perform the work.

Obligations of employers if their workers do home office

They must provide, install, and maintain the necessary equipment such as computer equipment, ergonomic chairs, printers, etc.

Pay wages promptly.

Assume the costs derived from the home office as the payment of telecommunication services (internet) and the proportional part of electricity.

You must keep a list of the supplies given to the workers

Implement mechanisms that preserve the security of information and data used by workers.

Respect the right of the worker to disconnect once their workday is over.

Register the workers in the social security system.

Provide training and advice to ensure adaptation, learning to use the technology used.

Obligations for workers who perform the home office

Maintain in good condition the equipment, materials, and supplies received from the employer.

Inform about the agreed costs for the use of telecommunication services and electricity consumption derived from the home office.

Attend and use the mechanisms and operating systems for the supervision of their activities.

Attend to the policies and mechanisms for data protection, as well as restrictions on its use and storage.

Employees have the right to disconnect, i.e., not to participate in communication via digital platforms (WhatsApp messages, phone calls, or emails) where work-related issues are discussed.

This way, if you perform home office these are the new rules to be able to comply with the new modifications to the Federal Labor Law regarding Home Office.