1Kosmos Relaunch: How 1Kosmos Protects Identity from Attack
Today we relaunched the 1Kosmos brand at a time when both business and government leaders are demanding improved security against cyber threats while international gangs feast on ransomware, data breach, and phishing attacks targeting US and other primarily non-Russian speaking businesses.
It comes as no surprise that the initial point of compromise for many of these attacks is a stolen password.
The 1Kosmos BlockID Platform
The 1Kosmos BlockID platform stops these attacks by eliminating passwords and taking an identity-based approach to authentication. We bring worker and customer identity into the security perimeter so that organizations know with certainty who is accessing IT assets and services.
With venture funds recently amping up investments into both identity and passwordless authentication, the timing is right I suppose, but the timing has been right for quite some time. 1Kosmos has had identity and authentication products in the market for over 3 years now solving real-world problems, and with a network of over 28 channel partners our solutions already perform more than 1 million authentications each day.
Issues with Passwords
The problems with passwords are well known. Endlessly creative and unrelenting phishing attacks on the human psyche … the fake but plausible voice message recordings, courier package notifications, shared files and documents all requesting user authentication to access information. Little wonder Microsoft, Google, and FedEx are among the most impersonated brands.
But password problems go much deeper. Corporate VPNs are under attack. Every single login page represents a potential open door. A long-forgotten server, a default password left unchanged, or one all too easy to guess, set in haste and ignored over time. Each one exposes organizations and their supply chain partners to potential dangers.
From end-to-end, passwords need to be protected, but we don’t trust them anyway so we send two-factor authentication codes to “prove identity” … those annoying transactional speed bumps that sap workers’ productivity and alienate customers.
The unsettling truth with letting workers log in and customers approve transactions this way is that they don’t prove identity at all. We may want to believe that we are in control, but we are not. We are running on hope … hope that passwords are confidential, that an email account hasn’t been compromised, or a device hasn’t been breached.
Traditional security systems are blind to identity-based intrusion because they are easily tricked by an antiquated proxy for identity – the password. Fifty years ago when passwords were invented this was about as close to identity as we could get in the online world, but as long as we rely on passwords and codes we won’t know with much certainty who is accessing corporate IT assets and services.
And because that’s true, we can’t expect adequate control of cyber risks or predictability in managing an operational plan without material risk of disruption. We can hide passwords behind single sign-on, but this much is clear: not only is the current password-based approach failing to secure business, but it’s bringing with it loads of cost, complexity, inefficiency, and uncertainty.
Aside from vulnerabilities associated with password compromise and unauthorized sharing, when you look at the cost of protecting passwords, lost time and administration of password resets, and antiquated 2FA infrastructure, businesses are under a heavy burden from relying on passwords to protect their systems and by extension their workers, customers, and supply chain partners.
Strong authentication using biometrics shows great promise in replacing passwords by getting past the “something you know” (AKA “knowledge factor”) represented by the password and moving to the “something you are” (AKA “inherence factor”). But capturing user biometrics is one thing – securing them is an altogether separate challenge because, just like passwords, a digitized biometric can be stolen.
Apple has one answer. Keep the biometric on the device. But then a device can have many biometrics, and that doesn’t prove identity on any one app or service either. The Fast Identity Online Alliance has developed a second approach via their FIDO2 standard which stores each user biometric behind a cryptographically secured public-private key pair. This puts access and control directly in the hands of the user.
At 1Kosmos, we’ve taken our FIDO2 certified platform one step further with a distributed identity based on W3C DID standards. This removes central administration of the database via a distributed ledger for true “privacy by design,” putting users in sole access and control of their identity.
The 1Kosmos BlockID platform is also certified by Kantara to the NIST 800-63-3 guideline for Identity Assertion Level 2 (IAL2) and Authentication Assurance Level 2 (AAL2) – a very important guideline to follow for Know Your Customer identity proofing.
For document verification we follow W3C VC standards, and our LiveID™ or “Liveness” test defeats facial spoofing to match and then verify government issued credentials such as a driver’s license or passport. But not every user will have those, so we’ve made it possible through industry relationships to verify identity via telecom and banking credentials as well.
With these core capabilities, 1Kosmos integrates identity and authentication, ushering in a new generation of multi-factor authentication in which LiveID and the cryptographic private key stored in the Trusted Platform Module / secure enclave of the user device become strong authentication factors.
But even as we move web-enabled systems to passwordless access, many legacy enterprise applications will likely remain password-based for years and perhaps decades to come. This is why we’ve placed a high premium on interoperability and have incorporated capabilities including password-reset for legacy applications into our mobile application, which itself can be embedded via API / SDK where needed.
And so while we eliminate passwords, our mission is focused squarely on users, providing individuals with a secure digital identity they control and enabling service providers to use it with consent to fight identity fraud.
Our challenge in a way isn’t new. Steve Jobs saw one similar to it decades ago, and he probably said it best. To effect change, “you have to start with the customer experience and work backward to the technology”.
Authentication with 1Kosmos
At 1Kosmos, our corporate journey didn’t start or stop with #passwordless access. That is clearly a design objective, but user convenience, privacy, security, interoperability, scalability, and portability of identity all play a part.
The journey to solving the problems facing users in authenticating their identity while protecting their privacy and at the same time securing access to corporate systems in both their personal and professional lives led to 1Kosmos BlockID.
Please check out the 1Kosmos website for more!