Join Robert MacDonald and Javed Shah for an IBA Friday session! They will be discussing the 1Kosmos desktop login experience.

Video Transcript
Robert MacDonald: Round two.

Javed Shah: Okay, let's try this again.

Robert MacDonald: Try this again. Are we live? That's awesome.

Javed Shah: Your daughter is waiting at the school, you said?

Robert MacDonald: 2:30.

Javed Shah: So it's like 10 minutes.

Robert MacDonald: Yeah, it's five minutes from here. It's fine.

Javed Shah: Okay.

Robert MacDonald: She gets out in 10 minutes, so by the time she gets out, it'll be fine.

Javed Shah: Yeah. All right. Do we have the all clear from Maureen?

Robert MacDonald: We don't. Still recording. It's not live yet. Oh, got it. Says we're live-streaming, but that doesn't mean we're live. Does it?

Javed Shah: I think it does.

Robert MacDonald: Yeah. All right. All right. So round two guys. The first live stream that we got halfway through didn't work. So let's see if we got this one. Maureen, I'm assuming we're okay. Oh, okay, good now, is what I just got. So we're good. And it says we're live on my watch. That's usually the true telltale. All right. Hi everybody. Welcome to IB Friday. Just I'm going to go with the joke that I just used before because it's still true. I still don't have a black jacket. And you guys are rocking the black jacket today, and I feel-

Javed Shah: Definitely, yeah. Huge miss on your part.

Robert MacDonald: It's only for PMs, it's not for PMMs. I guess, that's what it is. Javed, how are you?

Javed Shah: I'm doing great. How are you my friend?

Robert MacDonald: Good. We've got a special guest today. We've got Rishabh with us. How you doing Rishabh?

Javed Shah: Hey Rishabh.

Rishabh Srivastava: I'm doing good. Thank you for having me.

Robert MacDonald: Yeah, we're excited for you to be here. So today you're going to talk to us about desktop login.

Rishabh Srivastava: That is right. Yes.

Robert MacDonald: All right. So do you want to show us that?

Javed Shah: Yeah-

Rishabh Srivastava: Absolutely.

Javed Shah: ... showcase the capability.

Robert MacDonald: Yeah.

Rishabh Srivastava: I'll be sharing my screen. Yeah.

Javed Shah: Go ahead, please.

Robert MacDonald: Yeah, go ahead. Javed-

Rishabh Srivastava: Just let me know when you see.

Robert MacDonald: Javed, you coded all this yourself. Is it you?

Javed Shah: Yeah, if it works, then I did. If it doesn't work-

Rishabh Srivastava: If it doesn't.

Robert MacDonald: If it doesn't, it was Rishabh. Fair enough. All right. Rishabh, what do you got? Show us. Sorry. So this is Windows and Mac, right? We've got two [inaudible 00:02:28].

Rishabh Srivastava: Yeah, Windows and Mac.

Robert MacDonald: Okay. All right.

Rishabh Srivastava: Absolutely. Yes. So I would be starting with the Windows one. Yeah.

Robert MacDonald: Yeah, go ahead.

Rishabh Srivastava: That nice sort of the videos over here. So we'll start with the first one. Yeah. You're able to see this?

Robert MacDonald: Yep.

Rishabh Srivastava: Okay. So the first one is QR-based logins, which is completely passwordless. What you need to have is the BlockID mobile application installed in your device, the mobile device, and then of course, the BlockID endpoint agent or the credential provider installed on the workstation. And what you do is click on the BlockID tile over here, a QR code pops up. What you do is scan it using your mobile application, provide a biometric and you would be logged in.

Javed Shah: Of course, as you open up your mobile app, you're already passing through the biometric gate, right? Whether it be face ID, touch ID, or if you've configured the advanced biometrics we call live ID, you've already passed through those biometric hurdles, you've passed them and now at this point you are adding this additional QR code scan to get [inaudible 00:03:34].

Rishabh Srivastava: QR code scan. Exactly. And then when you're scanning the QR code as well, then again you'll have to provide whatever configured biometric is touch ID, face ID or the live ID. Yes.

Robert MacDonald: Cool. And so that's never a username and password? Never?

Rishabh Srivastava: Never, yeah, never.

Robert MacDonald: Sweet.

Rishabh Srivastava: Okay. Now when the user is already logged in, they step out of the workstation. They don't sign out, but they lock the machines. We have another feature to send push notifications across to the mobile device, which the user can approve, provide authentication using their biometrics, and then they would be logged in. So if the user session, you would see there is a user tile available, which was not previously available if the user is not signed in, you click on that. A push notification is sent across to the mobile application. You approve that and then you're logged in. Even less friction, you don't have to go about [inaudible 00:04:31].

Javed Shah: And you can even receive that push notification on Apple Watch, by the way, Robert, right.

Rishabh Srivastava: That is right. Yes.

Robert MacDonald: Yes.

Rishabh Srivastava: Yeah. Can be approved there as well. Okay. So the next one I have is log in using OTP. So these two are the passwordless we just saw. And then the next one is using OTP, which is displayed on your mobile application, the BlockID mobile application, you can use that to log in. So if enabled by the administrator in the configuration settings for the credential provider, the user can use this feature to log in. They need to type in the user ID and whatever OTP is displayed on the application. This is a time-based OTP which cycles every 30 seconds. So every 30 seconds a new one is generated, the previous one cannot be reused.

Javed Shah: I'm happy to see, Robert, you're the test user.

Robert MacDonald: I am. I'm trying to figure out how I do that with your typing. It's-

Javed Shah: Fantastic.

Robert MacDonald: Yeah.

Javed Shah: Get to take all the credit, man.

Robert MacDonald: So again, no password or so that-

Rishabh Srivastava: No password.

Robert MacDonald: ... considered passwordless? Yes?

Rishabh Srivastava: Yes. Because that is a rotating secret or a rotating [inaudible 00:05:48]-

Javed Shah: It's a step-up, a second factor.

Robert MacDonald: But that login happened without using, it's just a username and then the OTP.

Javed Shah: Yeah, because I think the concept of the password, the burdensome concept is that you have to remember it.

Robert MacDonald: Yeah, absolutely.

Javed Shah: You don't have to remember this OTP, you just flash your phone up and there it is. Right. Nothing to remember. That's why it qualifies as password. Let's accept with the second factor.

Robert MacDonald: Right.

Rishabh Srivastava: That's right. Yes. Now there are clients who ask us to step up the password with an OTP. So we also have a forced password MFA where the user needs to type in their passwords along with the OTP they see on the screen, on the mobile screen. So that is also supported by the BlockID credential.

Javed Shah: That's a classic [inaudible 00:06:32] use case, right? I want to add more section to your journey, hey, so [inaudible 00:06:35].

Robert MacDonald: Absolutely. Yeah.

Rishabh Srivastava: Yeah.

Robert MacDonald: Passwords aren't secure enough. Let's add another layer in to make sure you are who you say you are.

Rishabh Srivastava: Yeah, exactly. Yeah.

Javed Shah: And what's obviously left unsaid here is that in order to open the app, you had to go through the biometric gate.

Robert MacDonald: That's right.

Rishabh Srivastava: Absolutely. Yes.

Javed Shah: So that's not evident on the left side of the screen, but the experience involves the biometric verification as well.

Rishabh Srivastava: Yes.

Robert MacDonald: Hey Rishabh, am I using the same password I used for the last 10 years there? That I just changed the number at the end of every time.

Javed Shah: No comments. Don't respond to that.

Robert MacDonald: Just curious.

Rishabh Srivastava: And to add to this, we just do not support only the OTP when the workstation is online. What we do support is when the workstation is offline or the mobile device is offline, you can use OTPs to log in. So we use another OTP, Workstation OTP, that is what we call it, which is based on the pairing between the mobile device and the credential provider. So that is what we support as well. And the other thing in OTP that we support is hardware OTP tokens. That is also an FT feature that we support where clients or customers can configure using an external hardware device that generates a time-based OTP. That feature is also supported by BlockID. We can use that instead of the application, we can have a token, hardware token generating those OTPs that is also supported here.

Robert MacDonald: Okay. Yes. Cool.

Rishabh Srivastava: Yeah. Now to support a completely passwordless flow, we can also disable the username and password of the default Microsoft credential provider, thereby making BlockID the only credential provider, the default credential provider that is available. So we have that as well. So now when the user does a Ctrl+Alt+Delete on their workstations, automatically the QR code is going to pop up, which can be scanned by the user and log them in. Now, if the user is not signed out, they are still in session and they have locked the machine, they also have the ability to send push notifications across. The same flow is here as well. And then if the machine is offline by any chance, the user would be prompted to put in their OTPs or password and OTPs as per the policy configured by the administrator.

Robert MacDonald: Cool.

Rishabh Srivastava: Yep.

Robert MacDonald: Very cool.

Rishabh Srivastava: So that covers our Windows use cases. Major ones. Yes.

Javed Shah: So for the most part, the Macs are also kind of... Those videos are representative. I'm happy for you to show the others as well if we have the time, Robert. Yeah.

Robert MacDonald: Yeah. We can do one or two. Why not? It's good to see the-

Rishabh Srivastava: Okay, I'll do [inaudible 00:09:47].

Javed Shah: Tell me it's not Robert the same test user again.

Robert MacDonald: Yeah, absolutely is. You're always testing with the lowest common denominator.

Javed Shah: Oh, finally some [inaudible 00:09:55].

Robert MacDonald: Yeah.

Rishabh Srivastava: Someone different. So let me just take it back a little bit. So what the user does is they click on whatever the username tile is, they have an option to send a push notification. They click on log in the BlockID. A push notification is sent across to the mobile device. The same procedure. The user approves it, provides the biometric, and then they are logged in.

Robert MacDonald: And you just click the button? That's it?

Rishabh Srivastava: That's it, yes.

Robert MacDonald: Cool.

Rishabh Srivastava: As simple as that.

Robert MacDonald: Nice.

Rishabh Srivastava: And then of course we support OTPs on Mac as well. So what I'm showing over here is, if the machine is offline, it automatically switches to asking the user for the OTP to be entered. And then you can go over to the OTP screen, the Workstation OTP, and then you can log in. Yes.

Robert MacDonald: So you didn't show this on Windows, but so if both things are offline, then it will recognize, oh, you're offline, use the offline OTP, way you go. Cause I mean, that's the question we get from customers all the time. It's like, "Okay, this stuff's all awesome, but what happens when I've got no connectivity?" Well, this is how you get around. Okay.

Rishabh Srivastava: Yes.

Robert MacDonald: Nice.

Rishabh Srivastava: And then we also support MFA on the Macs. Like we saw on the Windows side, the password OTP. Yeah. Now we can type in the user ID, the password and the OTP from the mobile application. And then they would be logged in.

Robert MacDonald: Cool.

Rishabh Srivastava: And then we support OTPs both online and offline. Yes. On the Mac. Yeah. Sorry, Robert.

Robert MacDonald: Yeah, absolutely. So I mean, guys, listen, the cool thing with this is that we're passwordless, that's our big thing, but we have the ability to allow customers to leverage maybe their existing workflow as they move to that passwordless environment. So we showed password stuff today because we know that customers still use them, that they still need a second factor authentication or a multifactor authentication until they get to the point where they can make that transition. Right. I mean, at the end of the day, that's why we have all this stuff available, right?

Rishabh Srivastava: Yep. Yes, exactly.

Robert MacDonald: That's what all my marketing stuff says. Right, Javed?

Javed Shah: [inaudible 00:12:46], it is that good.

Robert MacDonald: All right, Rishabh, listen, that was a great demo. I appreciate that. We appreciate that. Thank you very much. Any parting words?

Rishabh Srivastava: Yeah, switch to passwordless for everyone.

Javed Shah: Love that.

Rishabh Srivastava: [inaudible 00:13:01] they're listening to this. Yeah.

Robert MacDonald: Love it.

Javed Shah: Love that. There you go.

Robert MacDonald: Javed, what about you? Do you want to drop some knowledge before we sign off today?

Javed Shah: Enough said, I think that's enough. And is this the last IB of the year? Could be, potentially.

Robert MacDonald: No, we might have one left.

Javed Shah: Might have one more, but hey, yeah, switch to passwordless and hopefully we can be that.

Robert MacDonald: Switch to 1Kosmos passwordless if there's a difference, right? Absolutely.

Javed Shah: Absolutely.

Robert MacDonald: All right guys. Thanks a lot. Appreciate it. Everybody that stopped by today, we appreciate you jumping in and listening to our IB Friday and we'll see you again in two weeks.

Javed Shah: Thanks guys.

Robert MacDonald: Thanks everybody.

Rishabh Srivastava: Thank you so much. Bye-Bye.