The Challenge

Privileged credentials are the targets of choice for hackers. The reason is that privileged accounts are the gateway to an organization’s most sensitive IT infrastructure, including DevOps, critical systems, and applications. This is why the perpetrators of some of the highest profile breaches have leveraged mismanaged or unmonitored privileged accounts. Moreover, the management of privileged access is a necessity and highly complex, given the mix of cloud, hybrid, and on-premise environments and the myriad of human and service accounts involved.

81 percent of hacking-related breaches are the consequence of stolen and weak passwords (2018 Verizon Data Breach Report). This means that an admin who leverages a password at any point during the authentication process to access a privileged account is vulnerable to identity compromise. Also, let’s keep in mind that with a 2FA solution or a password-based MFA solution, an individual’s password, the first authentication factor, can be stolen and is a prime target for phishing attacks. Therefore, the user should neither know nor manipulate a password to access a privileged account.

Passwordless MFA solutions that involve basic biometrics as a factor of authentication do not ensure the security of your key systems and applications. For example, fingerprint recognition like Touch ID and facial recognition like Face ID do not identify the person using the phone, since multiple fingers/faces can be registered on a single smartphone.

Finally, the addition of security features to protect the access to privileged accounts oftentimes means heightened friction for the user and consequently a frustrating experience.

Bridge the Gap

BlockID allows Thycotic to identify who accesses sensitive systems and applications, whether the privileged user is on premise or working remotely. Under a single application, BlockID combines indisputable NIST-certified digital identity proofing with advanced non-spoofable biometrics for passwordless authentication. In addition, BlockID is FIDO2 certified for passwordless access. The combination of these two certifications is a true paradigm shift.

User Biometrics

BlockID eliminates the vulnerability of passwords by providing Thycotic with a passwordless authentication solution that leverages the privileged user’s advanced biometrics. The user replaces something she knows (a secret, her password) with something she owns (the smartphone) and something she is (an advanced biometric trait).

Access with Ease

The privileged user experience is greatly improved, since BlockID allows your admins and DevOps users to authenticate with their smartphone, laptop or workstation in seconds, without passwords, to remotely access key systems and applications wherever they are installed and deployed. The elimination of a password as well as the utilisation of advanced biometrics for authentication rules out any risks related to password sharing and therefore insider threats, which are responsible for 22 percent of security incidents (Verizon 2021 Data Breach Investigations Report).

One Enrollment

Users with privileged access can leverage the BlockID passwordless application to authenticate with any protected apps and systems without having to register their mobile device and identity again. The initial enrollment can be reused on any new endpoint, avoiding a major challenge of other passwordless systems.

Identity-Based Authentication for Thycotic:

[Diagram: Thycotic integration]

The BlockID Key Differentiators

Compatible Passwordless Authentication

BlockID is the only solution that makes Zero Trust and passwordless authentication for privileged access truly compatible.

The use of a password at any point during the authentication process does not verify the identity of the user, making Zero Trust’s “never trust, always verify” actually impossible. Having said that, Zero Trust does not just mean zero password. BlockID is NIST-certified and proofs the identity of the privileged user who authenticates, up to IAL2 per the NIST 800-63-3 Guidelines.

Identity-Based Authentication Reliability

BlockID is not only FIDO2 certified but it also brings identity-based authentication to FIDO in place of hope-based authentication.

The FIDO2 standard lacks details about how a user can be identified when the authentication process takes place. BlockID fills that gap by verifying the user’s identity prior to providing passwordless authentication powered by advanced biometrics.

LiveID for Frictionless Customer Identification

BlockID provides Thycotic users with strong privileged access authentication by replacing cumbersome extra layers such as one-time codes with unhackable forms of security for specific operations.

Our liveness test, also called LiveID, is a prime example. LiveID is an advanced form of biometrics for frictionless user identification and authentication that eliminates any risk of facial spoofing yet is as easy as Touch ID and Face ID. By providing strong customer authentication (SCA), BlockID is PSD2 compliant.

A Speedy Integration

BlockID integrates with Thycotic in minutes, literally.

Moreover, BlockID offers extreme flexibility. You choose how you want your privileged users to enroll their identity and whether you want them to authenticate with their biometrics on the BlockID app, a company app, or even appless with a native workstation, laptop or browser.

Skip the Password Retrieving Hassle

If users choose not to go passwordless when accessing applications via Thycotic, they can leverage the BlockID application to reset their Thycotic password in seconds, without having to go through the cumbersome process of retrieving or creating a new password online.