When great minds and visionary leaders come together, good things can happen. Better yet, when they come together with a shared interest to solve a challenge and bring along specialized teams with a common goal, fostered by a culture of innovation, great things do happen.
For 1Kosmos and AuthenticID our leadership teams assembled in Malibu, adjacent to the Pepperdine University campus, a few weeks ago when we first attended the All for Humanity Alliance gala.
Our primary goal: to discuss and plan a combined solution leveraging our unique strengths in digital identity proofing and passwordless multi-factor authentication. A solution that quite literally changes the security landscape as we know it.
As commercial enterprises, we of course exist for the benefit of our employees, customers and investors. But, we share a mutual desire to make the world a better place and that’s where the week started essentially in a rally to unite with non-profits, law enforcement and government agencies in the fight against the growing problem of human trafficking.
Soon after our discussions turned to Identity and Access Management … with a focus on true digital identity as foundational to addressing the many cybersecurity challenges facing organizations today.
Identity Verification on the Web
Dating to well before a global pandemic focused many on remote onboarding of employees, customers, and citizens, the founders of 1Kosmos realized that digital identity was a need for the future of business in a virtual environment.
The central challenge: How do you determine a person on the other side of a digital connection is real and is who they claim to be? This of course is a challenge at initial onboarding, but also at every subsequent online access event with the absolute need for objectivity, equity, and fairness at every step of the journey.
With a 99.6% Target Accept Rate (TAR) and .01% False Accept Rate (FAR), the solutions facial scan recognizes the human form over an Internet connection without racial or gender bias and verifies liveness so as to not be spoofed by photographs, videos and the many other tricks of the trade. This vastly exceeds human recognition rates and avoids nearly all machine introduced errors.
Matching to government issued credentials from over 200 countries around the world works remotely from just about anywhere on just about any device. For example, in the US alone there are over 650 or so variations of state IDs. Copies and fake IDs don’t fool it. And, if government credentials are not available or appropriate for use, identity can be verified via Telco, Banking, and SIM card.
Using Facial Recognition for User Authentication on the Web
Once we’ve proven a user is real and who they claim to be the first time, why not use this strong, verified identity to replace passwords, which by comparison are exceptionally weak?
For this, 1Kosmos has built passwordless multi-factor authentication across Microsoft, Mac, Linux, and Unix operating environments. Where required, the platform accommodates device level biometrics, SMS and push notifications, and supports physical access devices such as Yubikey. It even supports self-service password reset capabilities for legacy systems that can’t go passwordless as well as the many corner cases requiring access without Internet connections, lost / stolen devices, and digital identity recovery options similar to those of crypto wallets.
The Importance of Consent and Privacy
But, as we know, passwordless access using biometrics (e.g., fingerprints, voice, facial, iris) need to be safely secured and kept private. In an age where data breach has become routine, storing user biometrics and all personally identifiable information becomes a primary security concern.
For this, the “privacy by design” of the 1Kosmos distributed digital identity solution secures information in a private, permissioned blockchain accessible only with user consent using a FIDO2 certified cryptographic public-private key pairing.
This means: 1) there is no central honeypot of user information or a user store for hackers to attack, 2) No 3rd parties have administrative access to user information, and 3) Users have sole authority over their information and determine what is shared or deny sharing with any online service at any time access is requested.
Given that there are somewhere north of 230 GDPR-like regulations around the world, this is an extremely powerful capability particularly as workers, customers, and citizens request online access to a growing number of remote services from organizations that deliver those services via cloud, hybrid, and on prem platforms.
The Architectural Advantage
While security has always been a balance between risk and convenience, it should never be about what is just good enough. The combined 1Kosmos / AuthenticID solution is a clean sheet approach to nagging issues that have plagued identity and access management over years and it solves the unique challenges of modern businesses operating in a rapidly evolving world requiring remote access to digital services.
It provides two best in class capabilities via a platform-based approach without significantly changing or disrupting IAM infrastructure or the user experience. And, it can be easily implemented via SDK / API alongside existing systems, which can then be gradually phased out to generate significant savings through a radically simplified IT approach.
Existing users can be migrated to significantly more secure and easy to use passwordless authentication with little to no training, while new users get friction fee onboarding that reduces operating costs and secures personal information from end to end. Since only users possess the private key to their information and unlock it with their verified biometric, compliance and consent requirements are addressed at scale.
New account fraud, account takeover, and fraudulent transactions are virtually eliminated as is the risk of ransomware, phishing and data breach. Net – iron clad security significantly reducing the risk from fraud and identity-based cyber attacks, decreased costs, and significantly increased user safety and satisfaction that builds trust and loyalty.
Beyond Passwordless Authentication
As of late it seems fashionable to rush passwordless authentication solutions to market with hype and claims that are just a bit beyond reality. But 1Kosmos and AuthenticID have been developing solutions over the past decade to solve the problems with passwords, security, privacy and a bloated IT stack for IAM. In that time our solutions have undergone certification to strict industry standards that have evolved over the same period.
Specifically, we are certified to FIDO2, NIST 800-63-3, PAD-2, and ISO 27001 and compliant to W3C, SOC2 and GDPR. Our solutions are real and they are deployed, performing millions of identity proofs and authentications daily. 1Kosmos alone manages over 50m digital identities for some of the largest brands in the world. We’ve passed the rigor of those and other agencies such as the Food and Drug Administration.
Everyday thousands of doctors onboard and authenticate through our platform to write prescriptions for controlled substances for patients in need. Employees and customers from multiple financial institutions around the globe authenticate through 1Kosmos for secure, easy access to the systems and accounts they need. Our solutions also address the needs of public sector organizations to identify citizens and deliver constituent services while avoiding the type of fraud that has devastated so many programs intended to help those in need.
From the start our mission has been clear – to provide individuals with a secure digital identity that provides control of their credentials and enables service providers use, with consent, to fight identity fraud.
Of course passwordless is a part of this, but in a way it’s only a feature. We didn’t need to build a platform for only passwordless authentication. We built a platform that closes the door on fraud by identifying the identity of every user accessing digital services, satisfies privacy and compliance, and that onboards and authenticates users with ease.
Our identity and authentication platform is the first of its kind to address the needs of users, administrators, and developers to solve the evolving security challenges faced by organizations every day and in all corners of the world. This goes beyond passwordless to digital transformation of the Identity and Access Management to drive significant cost savings, efficiency and agility.
“It’s a wonderful thing to have a shared, mission-driven purpose with 1Kosmos of using technology for good. Knowing our solutions help fight and protect vulnerable people is what unifies us and inspires our employees and partners every day” commented Jeff Jani CEO of AuthenticID.
“Together with AuthenticID we share a vision of combining strong identity proofing with strong passwordless MFA. It’s very gratifying to see this come to life in a distributed digital identity that protects businesses from cyber threats and delivers individuals an experience they control and truly enjoy,” said Hemen Vimadalal, CEO and founder of 1Kosmos.
We are excited to come together with the AuthenticID team later this month at a joint webinar titled Fighting Fraud in Government Services with Digital Identity. Please register today to join us for the session.