The Business Challenge
One of the first challenges as organizations start the journey to passwordless authentication is user adoption.
Security and IT teams live in a heterogeneous world with a mix of old and new systems acquired over years. Newer systems may be easier to retool for passwordless authentication. Older systems will take more effort; the 80/20 rule will inevitably apply, with those systems likely consuming a proportionally larger share of the work.
We’ve developed our platform with these considerations in mind, giving users options and letting them onboard at their own pace. We also provide a password reset feature for when users inevitably forget passwords to those essential systems that will remain password based until replaced.
The BlockID Advantage
QR codes can either replace traditional login or be deployed side by side with the user ID and password for gradual user adoption
1Kosmos utilizes the power and convenience of QR codes by providing a few lines of JavaScript that place them alongside the familiar user ID and password fields users recognize on their login page. This provides a convenient option to log in using the QR and biometrics or to log in the traditional way using their user ID and password credentials.
Password-based authentication can be phased out over time for whatever category of users and time frame seems appropriate. But the key to successful user adoption is first to enable a very fast and easy method of authentication and then to give users the choice to adopt at their own convenience. Our approach to implementing identity-based authentication via a QR code accomplishes this.
BlockID augments any mobile or web application and can even be implemented in an appless workflow
1Kosmos BlockID provides multiple ways for organizations to deploy our solution:
- The 1Kosmos Mobile App: Our mobile app is available on Apple Store and Google Play and is the interface users work with when authenticating with our authentication methods and enrolling their identity.
- White Label Mobile App: The 1Kosmos Mobile App is readily brandable. Organizations can display their logo and tailor the appearance to support their brand guidelines.
- Embedded via SDK into Existing App: We provide SDK integration to easily add our solution into existing mobile applications.
- Appless Authentication: Support for FIDO2-enabled devices means no app download is needed to perform biometric authentication.
Authentication built to work on Windows, Mac, Unix/Linux, iOS and Android means you can secure users no matter what device they are on.
Convenient password reset for legacy applications saves time and money
Despite moving to passwordless authentication, organizations may still need to manage legacy passwords such as Active Directory for some time to come. When it comes to resetting these passwords, users often need assistance from the IT helpdesk. Statistics for this vary, but some estimate 20%-50% of all help desk requests are for password resets and that costs can average around $50 / reset when IT needs to get involved.
We’ve developed a password reset capability that enables password reset for legacy systems and applications via biometric authentication. Using the multi-factor authentication enabled by FIDO2 biometric authentication, we simply prompt the user to enter the new password of their choice. No IT involvement is required for the authorized user to regain access, and fraudsters are still kept out.
One reusable identity serves as a digital wallet supplying credentials needed to support multiple accounts and services
With 1Kosmos BlockID Workforce, there is no practical limit to the number of personas or accounts a user can have. Users can be enabled on any number of accounts — the platform binds their biometric to a FIDO2 certified credential, providing access to multiple accounts via one consistent experience.
1Kosmos is a perfect solution for users with elevated privileges. Allow these users to authenticate with our LiveID, without passwords, with high assurance (AAL2). The elimination of a password, as well as the utilization of advanced biometrics for authentication, rules out any risks related to password sharing and therefore insider threats. Plus our authentication’s immutable audit trail means that every access request can be verified if or when you need to audit an event.