The Challenge

Password-based authentication is no longer sufficient if security is a priority. The Verizon Data Breach Report published in 2018 reported that a staggering 81 percent of hacking-related breaches leveraged stolen and/or weak passwords. Therefore, a remote access solution secured by a password at any point during the authentication process is vulnerable to identity compromise. Moreover, let’s keep in mind that with a 2FA solution or a password-based MFA solution, an individual’s password, which is the first authentication factor, can be stolen and is a prime target for phishing attacks, among others.

Passwordless MFA solutions that involve basic biometrics as a factor of authentication do not ensure the security of your data or of your employees’ and customers’ information. Fingerprint recognition like Touch ID and facial recognition like Face ID do not identify the person who’s using the phone, since multiple fingers/faces can be registered on a single smartphone.

With a remote workforce, the risk of data leaks and theft is exacerbated by employees who elect to use their personal devices and networks, which have much lower standards of security than their corporate-controlled alternatives, making it easy for attackers to access company data.

BlockID allows Cisco ASA VPN to identify who accesses systems and applications remotely, regardless of the network, personal or professional. Under a single application, BlockID combines indisputable NIST-certified digital identity proofing with advanced non-spoofable biometrics and passwordless authentication. In addition, BlockID is FIDO2 certified. The combination of these two certifications is a true paradigm shift.

BlockID eliminates the vulnerability of passwords by providing Cisco ASA VPN with a passwordless authentication solution that leverages the user’s biometrics. The user replaces something she knows (a secret, her password) with something she owns (the smartphone) and something she is (an advanced biometric trait).

The user experience is greatly improved, since BlockID allows your distributed workforce to authenticate with their smartphone, laptop or workstation in seconds, without passwords, to remotely access systems and applications, as well as virtual desktops and networks. The elimination of a password for authentication bypasses the risk an employee may take by leveraging an unsecured personal network to access your systems.

All users of BlockID can leverage the BlockID passwordless application to authenticate with any of your apps, systems and virtual desktops or networks without having to register their mobile device and identity again. The initial enrollment suffices. So, they’re ready to go.

Identity-Based Authentication for Cisco ASA VPN

Cisco Diagram scenario 1 and 2

The BlockID Key-Differentiators

Compatible Passwordless Authentication

BlockID is the only solution that makes Zero Trust and passwordless authentication truly compatible.

The use of a password at any point during the authentication process does not verify the identity of the user, making Zero Trust’s “never trust, always verify” actually impossible. Having said that, Zero Trust does not just mean zero passwords. BlockID is NIST-certified and proofs the identity of the user who authenticates up to IAL2 per the NIST 800-63-3 guidelines.

Identity-Based Authentication Reliability

BlockID is not only FIDO2 certified; it also brings identity-based authentication to FIDO in place of hope-based authentication.

The FIDO2 standard lacks details about how a user can be identified when the authentication process takes place. BlockID fills that gap by verifying the user’s identity, prior to providing passwordless authentication powered by advanced biometrics.

LiveID for Frictionless Customer Identification

BlockID provides Cisco ASA VPN users with strong employee and customer authentication by replacing cumbersome extra layers, such as one-time codes, with unhackable forms of security for specific operations.

Our liveness test, also called LiveID, is a prime example. LiveID is an advanced form of biometrics for frictionless customer identification and authentication that eliminates any risk of facial spoofing yet is as easy as Touch ID and Face ID. By providing strong customer authentication (SCA), BlockID is PSD2 compliant.

A Speedy Integration

BlockID integrates with Cisco ASA VPN in minutes, literally.

Moreover, BlockID offers extreme flexibility. You choose how you want your employees and customers to enroll their identity and whether you want them to authenticate with their biometrics on the BlockID app, a company app, or even appless with a native workstation, laptop or browser.

Skip the Password Retrieving Hassle

If users choose not to go passwordless when accessing applications via Cisco ASA VPN, then they can leverage the BlockID application to reset their Cisco ASA VPN password in seconds, without having to go through the cumbersome process of retrieving or creating a new password online.