BIO-key International introduced its new mobile app, BIO-key MobileAuth with PalmPositive the latest among over sixteen strong authentication factors available for BIO-key’s PortalGuard Identity-as-a-Service (IDaaS) platform.
MobileAuth’s fast, touchless biometric user authentication – using a palm scan – works with any Android or iOS device to provide the unprecedented combination of a simple, privacy-protected, and convenient user experience with the identity integrity and availability that enterprises require.
While multi-factor authentication (MFA) is an essential part of any IAM strategy, organizations such as NIST and the FBI have warned that traditional MFA methods such as passwords and phone-based methods, including one-time password (OTP) generators and SMS codes, remain vulnerable to social engineering and cyberattacks.
Moreover, relying parties, lose control over who is accessing their systems, since the end-user can share a credential or enroll additional users into their phones, without the relying party’s consent. In addition, hardware tokens with their lifecycle costs, lost token churn and difficult user experiences present other challenges.
According to the 2020 Verizon Data Breach Investigations Report, 81% of hacking-related breaches leverage stolen or weak passwords. This, along with other well-documented password challenges, has driven the adoption of passwordless workflows using phone apps secured with user-controlled device-based biometrics or other device-unlock factors.
While more secure than passwords, reports of account sharing, unauthorized delegation, and SIM swapping demonstrate that this type of biometrics lacks the integrity and availability required to support enterprise-level security.
BIO-key MobileAuth with PalmPositive offers a different way to authenticate, eliminating the inconvenience, security risks, and costs of traditional authentication methods by introducing the new category of Identity-Bound Biometrics (IBB), which are well-suited for everyday use cases including remote workforces, third-party access, Customer IAM (CIAM), and passwordless workflows.
Starting with PalmPositive as the first Identity-Bound Biometrics authentication method, future methods including voice and facial recognition will be added to BIO-key MobileAuth in 2021 to continue to offer the highest levels of:
- Integrity: by permanently binding a biometric (palm scan) to the user’s digital identity to ensure only they can use their account privileges, not a proxy.
- Availability: because the user is free to authenticate themselves across multiple devices, even if a new device is introduced.
- Security: because biometrics cannot be forgotten, phished, stolen, or forged. Built-in liveness detection prevents imposters from using scanned pictures or fakes.
- Accuracy: a palm scan is up to 400x more accurate than common user-controlled device-based biometric authentication methods.
“With the obvious deficiencies in traditional authentication methods, we believe it is time to challenge the status quo,” said Michael DePasquale, Chairman and CEO of BIO-key International.
“While we still provide customers with a full suite of flexible authentication options, we felt it was important to introduce a different way to authenticate that costs less and provides the security controls enterprises need without sacrificing convenience.
“By launching BIO-key MobileAuth with PalmPositive as a form of Identity-Bound Biometrics, customers can have the confidence that their multi-factor authentication and passwordless workflows will distinguish legitimate users from hackers.”
BIO-key MobileAuth is an easy-to-use mobile app with no new hardware required and a fast QR code registration and enrollment process that can be completed in seconds.
As part of BIO-key’s PortalGuard IDaaS platform, BIO-key MobileAuth supports its MFA and Single Sign-On (SSO) solutions to streamline logins while making them more secure. BIO-key MobileAuth with PalmPositive is now available for both iOS and Android and requires an active BIO-key PortalGuard IDaaS account.