The Business Challenge
Passwords remain the #1 security problem for organizations, and they are also a source of frustration and inconvenience for users.
Let’s be honest — it takes a great deal of investment and effort to protect passwords, and for good reason — they are essentially the keys to the enterprise.
But, is it time to take a fresh look at how we are securing applications or more specifically how we are authenticating users to access them?
This question is propelling many organizations to evaluate multi-factor authentication and others to look into passwordless authentication. But, if we’re to evaluate and accomplish change, maybe the customer and their experience is the place to start.
Customers like being recognized. Customers are human after all, and humans have senses. We see things and, ideally, respond in logical ways to the information we sense. As this intelligence gets built into our technologies, it seems to make sense, then, to sense and respond to the human condition and the human form, especially when this advancement produces a safer and more convenient experience for the customer and a more efficient, secure and cost-effective result for the business.
This is the promise and the track record of biometric authentication when delivered via a FIDO2 and NIST 800-63-3 certified platform. The 1Kosmos BlockID platform deploys quickly, facilitates rapid user adoption, and provides a high degree of flexibility in supporting multiple authentication channels and even legacy two-factor authentication mechanisms.
1Kosmos BlockID Customer provides biometric passwordless authentication with optional identity proofing that can adjust to flexible levels of identity assertion to support the needs of your business, and most specifically, to support the evolving needs of your customers.
The BlockID Advantage
QR codes can either replace traditional login or be deployed side by side with the user ID and password for gradual user adoption
While QR codes have been around for some time, their convenience as a touchless interface has only recently been rediscovered on everything from restaurant menus to roadway signage and network broadcasts.
Of course, password-based authentication can be phased out over time for whatever category of users and time frame seems appropriate. But the key to successful user adoption is first to enable a very fast and easy method of authentication and then give users the choice to adopt at their own convenience. The QR code placed adjacent to the traditional login fields accomplishes just this!
One solution supports multiple authentication channels and methods
We’ve built FIDO2 biometric authentication into all of our solutions, but we also realize that organizations and users need flexibility to accommodate multiple ways to authenticate. That’s why we’ve delivered our solutions in various ways.
Some users have smartphones or tablets with the latest capabilities, and for those users our fully brandable mobile app will work fine for biometric authentication. Our mobile app can also be embedded via API / SDK into an existing mobile application.
Other organizations will want users to utilize those devices, but without downloading the app, and for those users we have our app-less authentication capability.
We also support the ability to utilize FIDO compatible browser-based biometrics using the built-in capabilities of existing smartphones, laptops and desktops.
Convenient password reset allows customers to quickly regain account access
Despite a passwordless authentication strategy, organizations may still need to manage passwords for legacy customer-facing applications for some time to come. To reset these passwords, users often need assistance from customer support.
We’ve developed a password reset capability that enables password reset for legacy systems and applications via biometric authentication. There is no need to remember a previous password, to retrieve a one-time code or to produce some other artifact.
Using the multi-factor authentication enabled by the FIDO2 biometric authentication, we simply prompt the user to enter the new password of their choice. No customer service / support is required for the customer to regain access to their account, and the fraudsters are still kept out!
One solution supports all legacy two-factor authentication needs
On day one of their journey to passwordless authentication, many organizations have a variety of authentication protocols in place to shore up password-based logins. These may include one-time codes sent via email or SMS, hardware U2F keys, desktop agents and applications with push notifications.
The move to passwordless authentication reduces reliance on these technologies, but this typically needs to happen over time and should be addressed as part of the strategic plan.
Our solutions have been developed for interoperability and are certified to the NIST 800-63-3 standard. They support legacy factors including email/SMS/TOTP codes, U2F tokens, desktop agents, application push, and even fraud signals from behavioral or session analytics.
This allows a strategic or “graceful” transition from legacy 2FA “one-time code” systems, allowing IT management to save money, reduce operational burden and streamline the customer experience with minimal headache and disruption.
One reusable identity serves as a digital wallet supplying credentials needed to support multiple accounts and services
In real life, an individual is of course a singular entity, but tends to have multiple business relationships that span their personal and professional life. When we apply this abstraction to the online world, the identity remains a singular entity, but the association of that identity/credential with the various online services can be described as a persona. And just as in the offline world, one digital identity can have multiple personas.
With 1Kosmos BlockID Customer, there is no practical limit to the number of personas or accounts a user can have. Users can be enabled on any number of accounts — the platform binds their biometric to a FIDO2 certified credential, providing access to multiple accounts via one consistent experience.
This is especially useful for administrators and organizations that have gone through mergers and acquisitions and need to support customers across multiple business units.