The 2017 RSA Conference has been chock full of announcements, leaving many a security analyst wondering what the future holds for InfoSec. Yet one consistent theme at the conference has been authentication, or more simply put, how to better secure access to resources. For many, the weak link in the authentication chain has been the much-maligned “password”, and the drive to replace passwords with a more secure technology has never been greater.
Passwords have become a necessary evil, and many users complain about the burden of coming up with complex passwords and the even bigger challenge of remembering them. That in itself has created additional security problems, as users turn to sticky notes, password managers and other shortcuts to jog their memories, at least when it comes time to log on. Truth be told, those shortcuts only broaden the attack footprint, giving hackers something else to go after when trying to compromise accounts and gain access to protected systems.
What’s more, passwords can be an expensive burden for the typical enterprise. According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labor cost for a single password reset is about $70. Although statistics vary from business to business, one fact remains: the stronger the enforcement of security policy for password management, the greater the number of calls for password resets.
For the user, a forgotten password represents frustration. IT, however, views password recovery as a mundane and time-consuming task, which can be construed as the leading cause of high turnover in technical support positions.
The industry as a whole has tried to alleviate the password conundrum with technologies such as two-factor authentication, biometrics and other alternatives that can strengthen passwords while also easing access. The only problem is that those technologies add management complexity to already complex networks, and often require re-engineering of IT solutions to be truly effective.
Mickey Boodaei and Rakesh Loonkar, co-founders of Transmit Security, are looking to put the final nail in the password coffin with a new authentication concept, one that eschews traditional passwords.
“After working with more than 400 of the world’s largest financial institutions, we identified authentication as the next major hurdle they, and other industries, face from a security, fraud prevention, regulatory and customer experience perspective,” said Boodaei, CEO of Transmit Security.
The Transmit Security Platform (SP) uses mobile devices as the primary delivery mechanism for authentication chores and then adds a secondary identity verification step (facial/selfie, eye, touch ID and fingerprint, voice biometrics, SMS, etc.), in essence creating a two-factor authentication system that can leverage biometrics. What’s more, the platform is designed to be easily integrated into any application (web, mobile, call center, point of sale, ATMs, etc.). Once it is deployed, an enterprise can make changes to all its authentication methods and identity risk flows without any code changes to its applications.
“Today, most enterprises are hard-coding authentication, anti-fraud logic and complex exceptions directly into each application, which prevents them from being able to quickly deploy new identity flows and use cases,” added Loonkar, president of Transmit Security. “Since our platform unifies authentication and fraud prevention in a new architecture, it allows customers to change identity tools and flows without code updates to their applications, for faster time to market for new features and innovations. We can demonstrate how customers can execute on complex identity projects, and thousands of use cases, in literally minutes.”
To eliminate the need to embed authenticators into each application, Transmit SP uses a simple interface to offload all authentication and provisioning tasks. It provides a wide set of built-in authentication methods that enable organizations to mix and match any combination of facial, eye, voice and fingerprint recognition, one-time passwords (OTP), push notifications, pattern drawing, Device ID, and other third-party or internally developed authenticators.
Once an application is connected to Transmit SP, any of the authenticators and any authentication process can be changed, added or removed without any software development. Transmit SP also supports any existing third-party authentication or anti-fraud products in use, and can orchestrate real-time responses based on customer configured policies.
Time will tell if Transmit Security has the solution to the password conundrum. However, one thing is certain: passwords are on the way out, and two-factor authentication paired with biometrics may very well be the solution.