Combat Cyber Threats with 1Kosmos’s Identity-First Authentication


Bangalore: Robert MacDonald, VP Product Marketing at 1Kosmos, discusses redefining digital security with 1Kosmos’ pioneering identity-first approach to passwordless authentication to combat cyber threats, the inspiration behind adopting this approach, and the advantages it offers over traditional password-based authentication.

Could you please explain passwordless authentication?

Passwordless authentication is a way of validating a user’s identity that does not require a password. Instead of depending on a secret password that may be guessed or stolen, passwordless authentication uses biometric data (e.g., Touch ID, Face ID, or other face recognition biometrics), hardware tokens, or public key cryptography to validate the user’s identity.

Many of the security problems connected with passwords are eliminated by this method, including weak passwords, password reuse, password sharing, and password theft through phishing attempts. Passwordless authentication also makes the login procedure easier for users by eliminating the need to remember several difficult passwords.

What prompted you to use passwordless authentication?

The present authentication strategy places the burden of security on the user, and to make things worse, the user experience is abysmal. Our objective was to enhance both the user experience and security. Both of these actions would eliminate password-based attacks and prevent fraud.

The first step in securing user accounts is authentication. We now offer organisations a powerful multi-factor authentication technology that secures every point of entry while offering users total control over transaction approval and information access.

How do you intend to deploy passwordless authentication in a company?

1Kosmos’ innovative solution combines identity proofing and authentication to remove friction during user onboarding, and then provides those users with a convenient non-phishable biometric-based authentication experience, allowing organisations to confidently phase out passwords, thereby eliminating most account takeover and fraud.

How does passwordless authentication differ from typical password-based authentication?

Passwords are vulnerable to security concerns such as theft, phishing, and brute force assaults. Passwordless authentication mitigates these dangers by using more secure and dependable mechanisms such as biometric data, hardware tokens, or public key cryptography.

Passwordless authentication is more user-friendly than standard password-based authentication, which often necessitates users remembering and managing many difficult passwords. Passwordless authentication makes login easier and less burdensome for users.

Passwordless authentication may save money in the long term since it removes the need for password resets, account lockouts, and other support expenses associated with password-based authentication.

Regulatory Compliance: By offering a more secure and reliable authentication option, passwordless authentication may assist organisations in meeting regulatory compliance standards such as GDPR and PCI-DSS.

What are the potential drawbacks of implementing passwordless authentication?

The drawbacks can depend on the service provider in many cases. However, there are five considerations:

Limited Compatibility: Not all systems and applications support passwordless authentication, which could limit its compatibility with existing systems and increase the cost of implementation.

User Privacy: Some users may be concerned about the collection and storage of their data, as it could potentially be used for other purposes or compromised in a data breach.

Cost: Implementing some forms of passwordless authentication may require additional investment in hardware, software, and training to ensure a smooth transition.

Vendor Lock-In: In some cases, passwordless authentication relies on a single platform or device, and users would then be bound to passwordless authentication on that platform or device only, limiting their authentication options.

All or Nothing: When transitioning to passwordless, organizations may be forced to perform a hard switch, meaning that one day users log in as they always have and the next day it is a passwordless experience. The sudden change can cause havoc with users who are underprepared.

How will you ensure security in passwordless authentication?

1Kosmos takes an elegant approach to secure passwordless authentication. We verify the user’s identity and match the user’s biometric captured at enrollment, at every authentication request. The user’s biometric is bound to a public/private key pair, so the biometric can’t be spoofed, the session can’t be compromised, and the biometric cannot be stolen. Every access attempt physically verifies the user identity leaving no chance for impostors to log in.
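The two answers above describe the mechanism only in outline: public key cryptography as a passwordless factor, and a key pair bound to the user that is checked at every authentication request. The following is an added example written for this page, not 1Kosmos’ code and not a description of its product internals: a minimal FIDO/WebAuthn-style challenge-response in Go, in which the relying party stores only an Ed25519 public key, issues a one-time random challenge, and verifies a signature over the challenge bound to its own origin. The origin `https://login.example.com`, the user `alice` and the look-alike origin `https://login-example.com` are assumed for illustration. In this model the biometric never leaves the device; it only unlocks the private key locally.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RelyingParty is the service: one enrolled public key and at most one
// outstanding challenge per user. There is no shared secret for a phisher to capture.
type RelyingParty struct {
	Origin     string                       // origin assertions must be bound to
	creds      map[string]ed25519.PublicKey // userID -> enrolled public key
	challenges map[string][]byte            // userID -> one-time challenge
}

// Authenticator is the user's device. The private key is generated here and never
// leaves; on a real device a local biometric check would gate each call to Assert.
type Authenticator struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

func NewAuthenticator() (*Authenticator, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authenticator{priv, pub}, nil
}

// BeginLogin issues a fresh 32-byte random challenge for an enrolled user.
func (rp *RelyingParty) BeginLogin(userID string) ([]byte, error) {
	if _, ok := rp.creds[userID]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.challenges[userID] = c
	return c, nil
}

// signedPayload binds the challenge to the origin the client is talking to, so a
// signature produced for a look-alike origin does not verify at the real one.
func signedPayload(challenge []byte, origin string) []byte {
	h := sha256.New()
	h.Write(append([]byte(origin), 0)) // NUL separator keeps the two fields distinct
	h.Write(challenge)
	return h.Sum(nil)
}

// Assert signs the challenge for the origin the browser reports. In WebAuthn the
// browser, not the web page, supplies that origin, so a phishing page cannot lie.
func (a *Authenticator) Assert(challenge []byte, origin string) []byte {
	return ed25519.Sign(a.priv, signedPayload(challenge, origin))
}

// FinishLogin consumes the challenge (so it cannot be replayed) and verifies the
// signature against the enrolled key and the RP's own origin. A challenge exists
// only for enrolled users (BeginLogin checks), so creds[userID] is always set here.
func (rp *RelyingParty) FinishLogin(userID string, sig []byte) error {
	challenge, ok := rp.challenges[userID]
	if !ok {
		return errors.New("no outstanding challenge: replay or login never started")
	}
	delete(rp.challenges, userID) // one-time use
	if !ed25519.Verify(rp.creds[userID], signedPayload(challenge, rp.Origin), sig) {
		return errors.New("signature does not verify for this origin")
	}
	return nil
}

// Scenarios runs a legitimate login, a replay of its signature, and a phished login
// (attacker relays the real challenge through a look-alike origin); it reports which
// of the three the relying party accepted.
func Scenarios() (legit, replay, phished bool, err error) {
	rp := &RelyingParty{"https://login.example.com", map[string]ed25519.PublicKey{}, map[string][]byte{}} // assumed origin
	dev, err := NewAuthenticator()
	if err != nil {
		return
	}
	rp.creds["alice"] = dev.pub // enrollment: the service stores only the public key
	c, err := rp.BeginLogin("alice")
	if err != nil {
		return
	}
	sig := dev.Assert(c, rp.Origin)
	legit = rp.FinishLogin("alice", sig) == nil  // real origin: accepted
	replay = rp.FinishLogin("alice", sig) == nil // same signature again: rejected
	if c, err = rp.BeginLogin("alice"); err != nil {
		return
	}
	phishSig := dev.Assert(c, "https://login-example.com") // look-alike origin (assumed)
	phished = rp.FinishLogin("alice", phishSig) == nil     // rejected
	return
}

func main() {
	legit, replay, phished, err := Scenarios()
	fmt.Println("legit:", legit, "replay:", replay, "phished:", phished, "err:", err)
}
```

Two design points carry the security properties the interview claims for public-key authentication: the server verifies against its own `Origin`, never one the client sends, which is what makes a relayed (phished) signature useless; and the challenge is deleted before verification, so even a valid signature cannot be submitted twice.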

How will users be able to reset their password if they forget their passwordless authentication method?

The 1Kosmos platform comes with several convenient features, such as password reset for legacy or other systems that cannot support a passwordless workflow. Our password reset feature can utilize a user’s biometric to ensure the request is coming from a verified user.

How will you measure the success of passwordless authentication implementation in an organization?

There are many ways we measure the success of a 1Kosmos deployment with our customers. These four stand out:

User Adoption: We look to track the percentage of users who have adopted passwordless authentication. A higher adoption rate indicates that users are finding the new authentication method easy to use and more secure.

Reduction in Help Desk Calls: Passwordless authentication can significantly reduce the number of help desk calls related to password resets and lockouts. A reduction in these types of calls is a good indication that users have adopted our user experience.

Cost Savings: The reduction of authentication platforms, hardware tokens, password resets, and other related costs.

User Feedback: Lastly, and maybe the most important, is feedback from users on their experience with our passwordless authentication.

How will you handle legacy systems that do not support passwordless authentication?

We recognize that not all platforms can support a passwordless experience. That’s why we have well over 50 out-of-the-box connectors, open APIs, and a robust SDK. From our app, we can deliver a consistent authentication experience, authenticating a user with a traditional MFA workflow in the same app they’d use to authenticate passwordless. Our platform can ensure long-term interoperable solution viability and improve return on investment by reducing overall management costs.

Will you still offer traditional password-based authentication for users who prefer it? If so, how will you ensure the security of both methods?

YES! Coexistence is a deployment strategy we believe in strongly. Offering a coexistence strategy for deployment provides a side-by-side login experience where users can choose to log in as before (username and password + 2FA) or passwordless. Allowing users to choose when to make the switch will improve the acceptance rate, and as laggards see the experience others have adopted, their move to passwordless will be out of excitement and curiosity rather than resentment and resistance.