1Kosmos Design1
1Kosmos Design2
1Kosmos Design3

BlockID: HBA-logo vs. Identity-Based Authentication

Lost or stolen passwords are the cause of 81% of data breaches. And yet, 2FA and MFA solutions continue to use them as a first factor. The utilization of usernames and passwords to access systems and apps is what we call HBA-logo, or HBA-short-logo. The definition of hope is "a feeling of trust." Feelings truly have nothing to do with security... 


Fact: The cost of passwords and MFA systems is enormous!


Employees and customers have been relying on usernames and passwords for years. For quite some time already, we've all known that they are the root of so many security and usability problems. When you type your username and password to access your email account, log into a corporate web site, or as part of a 2FA or MFA solution to conduct some business, you just hope no one will intercept your credentials. So, a username and password have resulted in what we call HBA-logo, or HBA-short-logo.

To put it simply: Username + Password = Hope!

In other words if you are using a username and a password anywhere in your systems, you hope:

  • Your user can remember a username and password.
  • Your user can figure your cumbersome MFA system.
  • The password was not stolen from a central database.
  • the password was not stolen via a Man-In-The-Middle (MITM) attack or socially engineered.

Well, as we all know: Hope is not a strategy!

BlockID introduces true Identity-Based Authentication to your systems and user experiences.

HBA-logo vs. Identity-Based Authentication


Look at what the industry has done to strengthen HBA-short-logo:

Because usernames and passwords are so insecure, the industry has created a dozen "layered" technologies in an attempt to strengthen them:

KBA: Knowledge-based authentication is a method of authentication which seeks to prove the identity of someone accessing a service such as a financial institution or website by proving things about their history (i.e. a street that you grew up on).

2FA: Two-factor authentication is a security system that requires two distinct forms of identification in order to access something. Examples include an email or text message.

MFA: Multi-factor authentication combines 3 factors such as knowledge, possession, and inherence.

RBA: Risk-based authentication is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in its being compromised.

SSO: This allows one authentication to be used on multiple servers.  But, most SSO systems still require an initial username and password.

Password Managers:  A password manager assists in generating and retrieving complex passwords, potentially storing such passwords in an encrypted database or calculating them on demand.

Passwordless: Authentication method in which a user can log in to a computer system without the entering a password or any other knowledge-based secret. They create a single point of failure and a central database of a user's passwords.

FIDO: The FIDO Alliance is an open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords.

WebAuthN: Web Authentication is a web standard published by the World Wide Web Consortium. WebAuthn is a core component of the FIDO2 Project under the guidance of the FIDO Alliance.

U2F: Universal 2nd Factor is an open standard that strengthens and simplifies two-factor authentication using specialized Universal Serial Bus or near-field communication devices based on similar security technology found in smart cards.

Biometrics: Biometrics are body measurements and calculations related to human characteristics. Biometrics authentication is used in computer science as a form of identification and access control. It is also used to identify individuals in groups that are under surveillance.

Replace ALL of that With Identity-Based Authentication

It's as easy as... 1, 2, 3:

Step 1:  Proof the user

Step 2:  Issue the user their credentials

Step 3:  Let them, and only them, use these credentials

[To our readers: This is NOT a formatting mistake. That's all Identity-Based Authentication requires...]

With 1Kosmos BlockID, your customers will always be who they say they are. So will your employees!

  • 1Kosmos BlockID enrolls identity attributes that include the user's biometrics. We reach the highest level of assurance (IAL3) in terms of identity assurance per the NIST 800-63 Guidelines. The creation of a synthetic identity becomes virtually impossible.
  • We authenticate users by reaching the highest level of assurance (AAL3) per the NIST 800-63 Guidelines. 
  • The utilization of advanced Biometrics to secure the identity of your customers and employees. A hacker cannot reproduce and therefore compromise the analysis and result of a liveness test, for example.  
  • A distributed ledger that is virtually uncompromisable and that initiates peer-to-peer transactions while ensuring the immutability of the data stored is the answer to risks associated with systems hacking.
  • The combination of advanced Biometrics to enroll and authenticate your customers and employees and distributed ledger technology guarantees data is securely stored while facilitating all exchanges between your consumer and your platform or between your organization and your employees.
  • Users' and employees' data is stored encrypted.

Data Storage and The BlockID Blockchain Ecosystem.

Our Blockchain-based data storage architecture promotes trust between your organization and your customers for all transactions purposes and more and mitigates internal fraudulent issues.

Leveraging the BlockID Blockchain Ecosystem entails storing the customers and employees biometric information in a virtually incorruptible system to ensure they are who they say they are at all times throughout the process. Employees' and customers' data stored in our distributed ledger aren't subjected to data breaches. 

The immutability of a distributed ledger is leveraged to record service provider-customer interactions. The document can never be modified, leaving an auditing trail, and therefore creating trust between all parties involved.

1Kosmos BlockID Left Separator

Contact us to learn more about BlockID for Financial Services.


chose 1Kosmos BlockID

“Cybercrime is a daily threat to every organization and government across the globe...These Verizon solutions (powered by 1Kosmos BlockID) offer a significant step forward in cybersecurity protection.”
Alex Schlager, Executive Director and Chief Product Officer of security services at Verizon Business