
Overcoming Resistance to Change on the Journey to Passwordless MFA

Passwordless MFA White Paper

How to ease users into their new non-phishable login experience and control the rollout of passwordless MFA


For most, the move to passwordless represents a much bigger change management initiative, and the risks of failure for hastily planned passwordless deployments are high.

Download our white paper on the “Journey to Passwordless MFA” to explore four key areas where net gains can be had from successfully managing this transition:

  1. Cost Savings: Simplified IAM IT Infrastructure / Vendor Consolidation
  2. Operational Efficiency: Administration, Overhead, and User Productivity
  3. Customer Experience and Loyalty
  4. Security and Risk

 

Register now to get your free copy!

The BlockID Advantage

QR codes can either replace the traditional login or be deployed side by side with the user ID and password for gradual user adoption

While QR codes have been around for some time, their convenience as a touchless interface has only recently been rediscovered on everything from restaurant menus to roadway signage and network broadcasts.

We utilize the power and convenience of QR codes by providing a few lines of JavaScript that place them alongside the familiar user ID and password fields users recognize on their login page. This gives users a convenient option to log in using the QR code and biometrics, or to log in the traditional way using their user ID and password credentials.

Of course, password-based authentication can be phased out over time for whatever category of users and time frame seems appropriate. But the key to successful user adoption is first to enable a very fast and easy method of authentication and then to give users the choice to adopt it at their own convenience. The QR code placed adjacent to the traditional login fields accomplishes just this!

One solution supports multiple authentication channels and methods

We’ve built FIDO2 biometric authentication into all of our solutions, but we also realize that organizations and users need flexibility to accommodate multiple ways to authenticate. That’s why we’ve delivered our solutions in various ways.

Some users have smartphones or tablets with the latest capabilities, and for those users our fully brandable mobile app will work fine for biometric authentication. Our mobile app can also be embedded via API / SDK into an existing mobile application.

Other organizations will want users to utilize those devices, but without downloading the app, and for those users we have our app-less authentication capability.

We also support FIDO-compatible browser-based biometrics using the built-in capabilities of existing smartphones, laptops and desktops.

Convenient password reset allows customers to quickly regain account access

Despite a passwordless authentication strategy, organizations may still need to manage passwords for legacy customer-facing applications for some time to come. To reset these passwords, users often need assistance from customer support.

We’ve developed a password reset capability that enables password reset for legacy systems and applications via biometric authentication. There is no need to remember a previous password, to retrieve a one-time code or to produce some other artifact.

Using the multi-factor authentication enabled by FIDO2 biometric authentication, we simply prompt the user to enter the new password of their choice. The customer regains access to their account without any customer service or support, and fraudsters are still kept out!

One solution supports all legacy two-factor authentication needs

On day one of their journey to passwordless authentication, many organizations have a variety of authentication protocols in place to shore up password-based logins. These may include one-time codes sent via email or SMS, hardware U2F keys, desktop agents and applications with push notifications.

The move to passwordless authentication reduces reliance on these technologies, but this typically needs to happen over time and should be addressed as part of the strategic plan.

Our solutions have been developed for interoperability and are certified to the NIST 800-63-3 standard. They support legacy factors including email/SMS/TOTP codes, U2F tokens, desktop agents, application push, and even fraud signals from behavioral or session analytics.

This allows a strategic or “graceful” transition from legacy 2FA “one-time code” systems, allowing IT management to save money, reduce operational burden and streamline the customer experience with minimal headache and disruption.

One reusable identity serves as a digital wallet supplying credentials needed to support multiple accounts and services

In real life, an individual is of course a singular entity, but tends to have multiple business relationships that transcend their personal and professional life. When we apply this abstraction to the online world, the identity remains a singular entity, but the association of that identity/credential with the various online services can be described as a persona. And just as in the offline world, one digital identity can have multiple personas.

With 1Kosmos BlockID Customer, there is no practical limit to the number of personas or accounts a user can have. Users can be enabled on any number of accounts: the platform binds their biometric to a FIDO2 certified credential, providing access to multiple accounts via one consistent experience.

This is especially useful for administrators and organizations that have gone through mergers and acquisitions and need to support customers across multiple business units.