woman handing smart card to man

Ditch Passwords, Boost Productivity: Meet the Crescendo Family

December 10, 2024 • Eric Vila or HID Global

Maximize Productivity, From Lobby to Laptop

From a user perspective, the best authentication method is the one that works — quickly, securely and with as little friction as possible.

And from a technical perspective, the best way to accomplish that goal is to go beyond individual solutions and think about the entire authentication and enterprise security journey.

That’s why the Crescendo® Cards and Keys are just that: a family. This comprehensive set of flexible authenticators supports a broad array of protocols, technical specifications, and regulatory frameworks and certifications. They’re also instantly compatible with a variety of different enterprise resources and applications. Most importantly, they fit into a much broader multi-factor authentication (MFA) ecosystem, from credential enrollment, life cycle management systems, readers, printers, middleware — and even a certificate authority.

Why is that important? In this article, we’ll examine how the Crescendo family leverages the power of end-to-end design to increase productivity, simplify integration and maximize the value of enterprise technology investments.

Increase Workforce Productivity With Converged Credentials

The traditional workplace authentication journey looks like this: Your ID card gets you into the office. Different passwords grant access to different applications, though you need a separate key (or two) to access high-security resources.

And forget about what happens when you work from home and need to log into the corporate VPN.

Converged credentials, by contrast, empower organizations to streamline the authentication workflow from the beginning to the end of each work day. Through a single ID badge, each Crescendo Card grants phishing-resistant, passwordless access to office doors, printers, workstations and digital applications.

Whether used as an MFA factor or built into a passwordless authentication workflow, Crescendo authenticators support PKI, FIDO2 and OATH and offer the broadest range of physical access technologies in one device. They are also compatible with critical enterprise infrastructure — more on that in the next section — from Microsoft Entra ID (formerly Azure Active Directory) to near field communication (NFC) readers.

Adapt to Evolving User Needs With Multi-Technology Credentials

Supporting multiple technical standards isn’t just a good way to ensure compliance with industry regulations. It also helps build solutions that provide the right level of security for the right user — and scale to fit future needs.

Crescendo offers the broadest range of multi-technology credentials for logical and physical access so you can be sure your solution fits your needs well into the future. The technologies we support include:

  • FIDO2 — HID is proud to support the development of secure, passwordless standards as a member of and contributor to the FIDO Alliance. Crescendo Cards and Keys hold device-bound passkeys that can be deployed in days to deliver a one-touch passwordless experience.
  • PIV/PKI — Crescendo’s certificate-based capabilities power secure access to both physical and digital resources, including digital signing, email and file encryption, and secure print release
  • OATH — Crescendo supports two-factor authentication (2FA) deployments that use the industry-standard OATH algorithm for one-time password (OTP) generation — most commonly, virtual private network (VPN) gateways and in-house developed web applications. In addition, a simplified user experience means there’s no need to copy a code from the authenticator into the log-in form. The simple touch of the Crescendo Key button transfers the OTP value as keystrokes to the device where it’s plugged in.
  • Physical Access Technologies — HID supports contactless access control technologies, including Prox™, iCLASS®, Seos®, MIFARE Classic and MIFARE DESFire

HID is also certified and aligned to many standards, directives and policies, helping companies find the best path to compliance. This includes:

  • NIST FIPS  — Government agencies in the United States and Canada are required to use cryptographic implementations approved by the NIST Cryptographic Module Certification Program, also known as the Federal Information Processing Standards (FIPS). The Crescendo Cards and Keys are FIPS 140-2 certified, and final testing to verify FIPS 140-3 certification for our Crescendo 4000 series is also currently in process. The Modules in Process List contains our submissions.
  • CJIS — HID helps law enforcement agencies adopt CJIS-compliant MFA solutions that safeguard data without standing in the way of critical public safety tasks. These solutions make it easy to keep up with evolving standards and give law enforcement officials easy access to sensitive records at any time, from anywhere.
  • NIS2 — The revised Network and Information Security Directive (NIS2) aims to improve cybersecurity within enterprises in critical sectors in the European Union. Strong, multi-factor authentication plays a crucial role in addressing the new requirements, and HID’s experts can help design solutions that ensure complete compliance.

Simplify Integration With End-to-End Authentication

Crescendo is part of HID’s Authentication Platform Ecosystem that makes it easy to build the security journey that’s right for your organization. Here’s how this journey unfolds:

Image
ManagementCredentialsWhat You AccessB u il d i ng sOMNIKEY or 3rd party readersDigitalPersona®Authentication Backend On Premises or SaaSCrescendo® Cards  Crescendo KeysHID Credential Management System (CMS)Hardware Tokens (OTP) & HID Approve™ (Push and OTP)IdenTrust®  Certificate AuthorityHID PKI-as-a-Service N et w o r k sHow We Authenticate
  • It starts with secure credentials, including phishing-resistant passkeys, that can be placed on physical devices like smart cards and security keys — and used to grant access to both physical and digital resources
  • Organizations can view and manage these credentials through our Credential Management System (CMS), which streamlines the issuance, revocation, renewal and ongoing management of access permissions, PINs and digital certificates for employee authentication, data encryption and signing
  • A powerful SDK makes it easy to integrate support for the Crescendo family into your organization’s broader security ecosystem, while the Crescendo Minidriver seamlessly enables Crescendo Cards to work within the Microsoft ecosystem for both personalization and card usage. Lastly, the Crescendo Manager enables technical staff and powers users to configure, manage and test Crescendo devices.
  • State-of-the-art OMNIKEY readers and authentication services support over 15 standard credential types and are built on open standards to power easy integration with other systems
  • These components combine to create powerful, end-to-end solutions that grant secure, passwordless access to applications, networks and buildings — and are trusted by highly regulated industries like healthcare, financial services and government

This comprehensive MFA ecosystem simplifies integration by removing the pain of onboarding different vendors.

Of course, it’s not always possible to invest in a new end-to-end solution. That’s why HID’s technologies are also compatible with other readers and management systems — along with the other platforms that enterprises rely on, including Windows and MacOS. In fact, besides the Crescendo Minidriver, the Crescendo family is fully supported by the built-in Microsoft Minidriver.

Maximize the Value of Your Security Investments

When you invest in any one piece of enterprise security infrastructure, it helps to have a vendor who understands the broader landscape. Thanks to the scale of the Authentication Platform portfolio, HID has a unique perspective on how authentication fits into a much larger set of technologies that streamline workflows and boost productivity. We understand how employees, visitors and vendors want to work — and what organizations need to do to secure every step of that journey. And we work closely with each client to customize a solution that delivers on both security and business goals.