Passwordless Authentication

Please watch the Passwordless video for a quick introduction.

Passwordless authentication is a method of verifying a user's identity without requiring a traditional password. Instead, it uses alternative factors that enhance security and improve user experience. Common approaches include:

  • Biometric Authentication: Uses physical characteristics, such as fingerprints or facial recognition, to grant access.
  • One-Time Code: Sends a unique code to the user's mobile device or email, which they enter to authenticate.

Passwordless authentication is supported for the HKUST SSO Service, allowing users to enjoy a seamless and secure logon experience. After passwordless authentication is enabled, a password will be needed only on very rare occasions. Passwordless authentication will replace DUO 2FA, offering the same level of security with significantly improved convenience. Here’s why password-based authentication is becoming obsolete:

  • Passwords are inconvenient, especially if a complex combination is required
    • a long password is hard to remember
    • a non-alphabetic password is difficult to type, especially on a mobile device
  • Security weakness: passwords are easily attacked because you type them on many different devices and on many occasions, increasing the chance of eavesdropping
  • Overall, they are costly for both users and IT support

Benefits

  1. Enhanced Security
    Eliminates password-related risks such as phishing, credential stuffing, and brute-force attacks.
  2. Improved User Experience
    Users no longer need to remember complex passwords, streamlining the login process for faster and more convenient access. It also enables a seamless sign-in experience across web applications while reducing the frequency of multi-factor authentication (MFA) prompts.

Implementation

ITSO has implemented passwordless authentication using Microsoft technology in the following services.

  1. Browser-based SSO (CAS logon) using the Microsoft Authenticator app
    Introduction
      • Microsoft Authenticator is a mobile app for Azure MFA and Passwordless. If the Authenticator app cannot be used or the network is not available, the login flow can fall back to password and MFA.
    Usage Scenarios
      • Sign on to CAS and Office 365 apps with your mobile only, usually with the added security of the biometric verification available on your mobile device
  2. Windows 10/11 Sign On using Windows Hello for Business (WHFB)
    Introduction
      • Windows Hello for Business replaces the password to provide secure access to Windows 10/11, using either biometrics or a PIN
      • It needs to be set up separately for EACH of the Windows devices you may access
    Usage Scenarios
      • Safe login to your personal devices without the risk of typing a password
      • Allows SSO to native Office 365 apps and browser apps with the Edge/Chrome/Firefox browsers
    Requirements
      • Biometric sensors are optional, as a PIN can be used
      • You are required to register for Azure MFA by installing the Microsoft Authenticator app or registering your mobile for SMS, which are used to reset the Windows Hello PIN or biometric if necessary

Getting Started

 

Note

Support

General Enquiries cchelp@ust.hk
Suggestions & Complaints cclisten@ust.hk
Serviceline +852-2358-6200