This week news broke about the strategic partnership between 1Kosmos and AuthenticID. This is an industry first that provides end-to-end strong identity proofing and authentication solutions for citizens, employees, and customers.
There are a few fundamental drivers behind this partnership. The first is the pressing need for digital-first organizations to verify the identity of individuals interacting with them over the Internet with high certainty and as efficiently as possible. With extensive business-to-user work processes moving online in our increasingly digital world, this capability becomes critical as the primary way to prevent fraud and ensure services are being delivered to legitimate users.
This partnership brings to market an ability to perform certified identity proofing of remote users to the highest level currently available over the Internet (Identity Assurance Level 2/IAL2) and to do so in a way that defeats spoofing and produces a 10x lower error rate than legacy solutions. Importantly with demonstrated error rates at or below 3% and variance between ethnic and gender groups of less than 1%, this far improves upon human error rates in manually performing basic biometric tasks (typically between 19% – 38%) and avoids the identity decisioning bias that has plagued some solutions.
The second fundamental driver is to preserve the investment made in rigorous identity proofing by issuing legitimate users strong multi-factor biometric authentication credentials where the user is the authenticator … not some shard of information they happen to know, such as a one time code. This provides the added benefit of verifying user identity to the highest level currently available over the Internet (Authentication Assurance Level 2 / AAL2) every time a user logs in. This in turn empowers organizations to know with certainty who is logging into their network – a capability in support of a zero trust environment that passwords, legacy MFA and unverified biometrics simply cannot provide.
By verifying their likeness to login, users gain access to digital services with unmatched convenience. In surveys, 79% preferred this form of authentication to passwords for logging into the corporate VPN, and 86% preferred it for accessing applications. Better yet, by providing identity assurance at every login, the combined solution transforms security from a one time event to a continuous process.
Certifications to NIST 800-63-3 support interoperability and avoid vendor lock, making this an ideal compliment to organizations who have SSO in place or who have already implemented passwordless solutions such as Windows Hello for their Microsoft environments. This makes it easy, for example, to extend identity-based passwordless capabilities to Domain Controllers, Mac, Unix and other non-Windows platforms and applications. It also serves as a single UX supporting all passwordless and MFA solutions in one web application.
Even for systems that cannot go passwordless, users are able to use identity-backed password reset, saving operational expenses in the helpdesk and speeding user access to systems for which they have forgotten their passwords. Even for something as simple as a password reset, costs per ticket can be around $70.
Powerful, transformative capabilities such as these come around only so often. When a partnership like this comes together, we expect other vendors to follow our lead. If and when that time comes we’ll applaud the effort because stopping cybercrime that threatens our way of life is that important – especially ransomware, phishing and data breach executed via credential compromise.
For our part, this is not new. 1Kosmos has been at this for 5 years running now with certified and implemented solutions supporting millions of authentications each day and over 50m identities managed. We will continue in the spirit of innovation that has brought us this far — continuing to challenge what we currently accept as normal to improve security and defeat cyber crime!