As an EA, you’ve probably been in this situation. You need to update your executive’s calendar, but can’t access it without their password. So, what happens? Often, passwords get shared informally – written on post-it notes, texted or whispered across desks. It works but it creates serious security vulnerabilities.
The good news? This awkward dance is ending. More than half the workforce now uses passwordless authentication, according to Gartner. This is a dramatic jump from less than 10% just a few years ago. And for EAs, this shift solves a problem you’ve been dealing with for years.
Why passwords never worked
Traditional password systems weren’t designed with your role in mind. You need swift access to multiple accounts on behalf of your executive – calendars, emails, travel bookings and more. But managing all those passwords (or worse, sharing them) creates compliance issues and security risks.
The industry has finally recognised this gap. New authentication methods let you access what you need without ever knowing your executive’s password. You authenticate yourself then the system grants you access to the specific accounts you’re authorised to manage.
How it works
Microsoft Entra ID now supports several options that suit typical office environments. Windows Hello for Business lets you use fingerprint or facial recognition on your PC. FIDO2 security keys (small USB or NFC devices from providers like YubiKey) work across multiple devices. Or you can use the Microsoft Authenticator app, turning your smartphone into an authentication tool.
Once you’ve authenticated using your chosen method, you can access your executive’s calendar and email without needing their password. The system knows you’re authorised, it creates an audit trail of your actions, and everyone stays secure.
Smarter delegate access
If you’ve used Microsoft 365’s delegate access, you know it’s been an EA staple for managing executive calendars and emails. What’s changed is the security around these permissions.
Modern delegate access now integrates with your organisation’s identity management, creating clear records of who accessed what and when.
This protects both you and your executive. If questions arise about a calendar change or email sent on their behalf, there’s documentation showing your authorised access.
The Security & Compliance Centre now generates reports specifically on delegate actions. This means you can confidently manage commitments knowing your actions are properly documented.
What to expect
As these technologies spread, you might encounter hardware security keys, which are particularly useful if you work across multiple devices or locations. Most modern laptops now include fingerprint readers or facial recognition cameras worth configuring properly.
Delegate permissions should be reviewed regularly, ensuring you only have access to what you need. And it’s worth establishing emergency access procedures for when your executive is unavailable, but you need critical information – modern systems can support temporary permissions that automatically expire.
Making it work for you
The move toward passwordless authentication recognises that EAs need security designed around real workflows. Informally shared passwords and workarounds should be ending; replaced by secure, auditable systems that let you support executives effectively.
If your current access arrangements feel insecure or cumbersome, talk with your IT team about how these newer technologies could better serve both security requirements and practical needs. These tools exist to support your workflow, not complicate it.
Neither the author nor Executive PA Media have commercial arrangements with the products mentioned in this article. No endorsement is intended.
