LaunchKey: Passwordless consumer authentication at scale

iovation announced its LaunchKey mobile multifactor authentication solution. It empowers global consumer brands to improve security and consumer experience by delivering a risk-aware alternative to passwords and two-factor authentication, at scale, via an easy-to-use mobile SaaS solution.


Consumers are increasingly comfortable authenticating into their online accounts via mobile devices, but 2017 will mark a coming-of-age where these devices become the authentication gateway across a broader array of consumer touch points like ATMs, call centers and even in-person retail experiences.

LaunchKey’s new dynamic security policies make it possible for consumer brands to balance the level of assurance they need with the experience their customers demand, by adapting these policies in real time. It does this by leveraging insight into the unexpected anomalies in a user’s session and, when and if these heightened risks arise, LaunchKey can present additional assurance measures based on the brand’s appetite for risk.

“Today marks a milestone in the path to passwordless security for consumer brands,” said Scott Waddell, CTO at iovation. “Consumer authentication is always a balance between risk and user experience, and we wanted LaunchKey to raise the bar on that balance. Now, consumer-facing brands can deploy and manage highly secure multifactor or passwordless authentication across every touchpoint the brand owns, at scale, while consumers benefit from increased security in a user-friendly experience.”

LaunchKey capabilities

With LaunchKey, consumer brands can choose which multifactor authentication options to extend to their customers, creating an interactive solution that lets users choose the authentication approach that best fits their needs, within the brand’s defined security parameters. LaunchKey’s expanded capabilities include:

Dynamic Security Policies: administrators can use dynamic, risk-aligned authentication methods that add immediate, additional assurance wherever new risks appear in online sessions and transactions.

Decentralized and Anonymous Architecture: removes the target created by large, exploitable caches of user credentials, lessening the impact of a breach and subsequent damage to a brand.

Multi-User Authorization: verification of real-time interactions such as large money transfers that rely on the authority of two or more persons.

Uptime Peace of Mind: delivered via iovation’s mature, privately managed, active-active infrastructure – one that has experienced zero downtime in over 24 months – LaunchKey can run at the highest possible transaction scale.

White Label Authenticators: an extensive set of SDKs and APIs allow consumer brands to retain their own look and feel while integrating LaunchKey’s advanced MFA features seamlessly into their apps.

Dynamic For End Users: Consumers have more choice in the authentication process as well, with the ability to select their preferred style of authentication from among the methods the brand builds into its mobile apps.

This product release also paves the way for brands to implement an end-to-end, risk-based authentication strategy by using LaunchKey in tandem with iovation’s ClearKey device-based authentication service. ClearKey is a natural companion for LaunchKey because it uses device fingerprinting and intelligent risk assessment to transparently authenticate users without explicit input. Leveraged together, they represent a cohesive and robust security platform capable of satisfying every consumer authentication need across every business process.

“Brands want to give their customers a better experience, few subscribers want to rip-and-replace the usernames and passwords their customers have relied on for decades,” continues Waddell. “Now brands can employ LaunchKey and ClearKey alongside their current solutions to create a path to phase out passwords completely, over time, in favor of multifactor authentication and device-based solutions that simultaneously enhance customer experience and security.”

RSA Conference 2017

Don't miss