The pain of passwords is a common issue in today’s world for both users and companies alike. There are either too many passwords to remember, or not enough diversity between them to keep your accounts safe. With breaches resulting from inadequate authentication happening every day, companies are scrambling to define stronger password controls. Verizon states that almost 67% of all hacks occur in some way due to stolen or compromised credentials. But what can be done to change a system that has become so pervasive across the world?
This is where Status Identity’s origin story begins. Our company seeks to provide a solution for the competing priorities of password security and convenience. The increasing complexity of authentication mechanisms was resulting in productivity losses for corporations, and frustrations for their employees. Status Identity brings to market a solution that keeps passwords in their place, but adds a second factor to reduce the risk of that log-in for the enterprise. This is a rapidly growing space called multi-factor authentication (MFA). MFA requires users to validate their identity with answers/factors from two of the following categories: something the user knows (a secret), has (a specific possession), and is (a physical characteristic). While the password has always exacted as a secret that the end-user knows, Status Identity looked at the second factor differently in order to increase security and convenience simultaneously.
Common solutions today send passcodes through phone calls and text messages to authenticate users. With these methods, security relies on third-parties (telecom companies), and hackers have been able to spoof connections to secretly assume users’ phone numbers. The National Institute for Standards and Technology (NIST) has looked at this and recommended that these forms of MFA be replaced. And we can’t forget how much friction is created when users are required to enter in these codes on web pages, perhaps mistyping a single digit causing the whole process to start all over again. So what are we left with?
Status Identity’s solution uses an android or iOS application that resides on the end-user’s phone for quick and convenient MFA. This application interfaces with Status Identity’s authentication service to confirm or deny access. The benefits of utilizing the phone are numerous, as users always have their phone readily accessible to them and have become very used to the features the phone offers for a second-factor of authentication. These same features are leveraged within the app: the user can confirm or deny their access via a push notification, biometric authentication (such as TouchID), soft-tokens, and many other manners. However, the biggest difference that Status identity provides is “Passive MFA”. So what exactly is Passive MFA?
Passive MFA provides corporations and security professionals the security of an additional point of verification without any active involvement required from the end user. Rather than require the end user to take additional steps after entering a single set of credentials, Status Identity simply pings their mobile device and captures data to ensure their behavior is consistent with prior patterns, and contextually relevant. For example, when a user logs-in and types their username and password correctly, Status Identity would then make sure that the user’s phone is in the right area and that the application being accessed is a normal application for this user amongst other criteria. If something seems anomalous, the service would prompt the user to authenticate via one of the above mentioned factors. This logic is built so that the user has the ability to earn the trust of the service and gain access to passive authentication.
Status Identity’s objective is to make the authentication process as easy as possible so that security is an inherent part of your day. If we can leverage several data points at each point of log-in and adapt the optimal authentication mechanism during each access event, we should be able to solve the pain that passwords have caused for many years.
– Nakul Munjal, Status Identity Chief Executive Officer