Keep up with the digital identity landscape.
Passwords are used to protect everything from emails and social media accounts to bank and personal health information. As enterprises increasingly embrace digital transformation, though, it may be time for the password to evolve as well. Passwords are still a very standard way for users to protect their information and accounts. Although they do provide some amount of security, security breaches and hacks happen all too often.
Direct personal security is one issue with passwords. However, it is on the larger scale where the drawbacks of passwords become apparent. Large organizations and corporations store employee and user passwords in large databases. Although many of these databases are encrypted or hashed, their existence puts a huge target on companies, as password databases are one of the most easily monetized forms of stolen information. In fact, research from Digital Shadows found 15 billion stolen username and password combinations circulating on the dark web.
Furthermore, data breaches have been happening at a higher rate than ever despite supposed improvements to cybersecurity, and successful attacks have been conducted on high-profile companies as well. In the first half of 2019 alone, there were over 3,800 publicly disclosed data breaches and 4.1 million records exposed, including security breaches from Capital One, Evite, DoorDash, Georgia Tech University, and the Federal Emergency Management Agency. Evidently, there are many flaws in password protection that need to be addressed.
This past July, Beyond Identity, a passwordless identity management company, announced that it joined the FIDO Alliance. Beyond Identity is a startup with a mission to empower people and businesses to securely, privately, and effortlessly control their digital identities by restoring trust and building a secure way for user authentication and authorization.
Beyond Identity was publicly launched in April of this year by a team of founders including Jim Clark and TJ Jermoluk. The company created a new identity-based passwordless cybersecurity solution centered around the concept of a personal certificate authority. In particular, Beyond Identity’s technology employs self-signed certificates on endpoint devices to fundamentally change the way users log in to a network. Through this, it extends the server-to-server chain of trust established with TLS to users and their devices.
Founded in 2012 by industry veterans from PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio, the FIDO (Fast Identity Online) Alliance is an open coalition that aims to reset authentication standards in order to reduce the world’s over-reliance on passwords. To work towards this goal, the FIDO Alliance focuses on:
The creation of the FIDO Alliance was inspired by a discussion between PayPal and Validity Sensors regarding the use of biometrics for online user identification. In the eight years since the seed of the concept, the FIDO Alliance has grown and has deployed authorization solutions in companies including Google, Aetna, Salesforce, Facebook, Bank of America, and more. The Alliance also has liaison partnerships with companies and organizations such as the DIACC, W3C, Bluetooth, and more.
Evidently, to keep up with the quickly-evolving technology industry, new security solutions are needed. This is where companies like Beyond Identity come into play.
“No one has ever said ‘I love my password.’ Nobody wants to create them, manage them, or change them. They would rather use some other easy, secure way to do it,” explained Patrick McBride, the CMO of Beyond Identity. “However, security’s usually a trade-off. If I dial up the risk management, make it less risky, I make it harder for users. So, the question becomes, can I improve risk and improve the user experience at the same time?”
The COVID-19 pandemic has only amplified this need for improved security solutions. With employees working remotely around the world, company resources, information, and data need to be accessible from virtually anywhere. So, regulating authentication and authorization in this new digital climate becomes even more difficult.
“In the old days of cybersecurity, you put firewalls in place, and there was this castle-and-moat idea of security—keep the bad guys out and let the good guys in. But let them into what? Nowadays, it’s about knowing who a person is, and knowing that you want to let that particular person in,” said McBride. “What firewalls used to do for the perimeter 10-15 years ago, identity now does for organizations. So, passwordless is step one—but it’s not enough. If you believe in this idea of identity being the new perimeter, you need not just strong authentication—you need risk-based authorization based on other telemetry data, like the security posture of the device you’re trying to access something with. With information about the device, you can make a risk-adjusted assessment about whether you want to let this person in using this particular device to this particular application.”
This new model of cybersecurity is only fitting for the increasingly digitized world, regardless of the pandemic forcing people to work from home. With the growth of the FIDO Alliance and companies like Beyond Identity, it is clear that a more secure and seamlessly interoperable authentication and authorization solution needs to be developed and widely implemented—and it seems that identity is the missing puzzle piece.