Beyond Identity looks to a passwordless future
The death of the password has been predicted for a long time, yet it remains the most common way of logging into systems.
Identity management company Beyond Identity is looking to solve what is one of the biggest challenges in IT security and aims to re-establish trust in authentication chains by finally eliminating passwords as the weakest link.
The company has announced plans to expand its revolutionary approach into Europe with a new data center along with sales and engineering teams. Where many solutions simply bolt biometrics on top of an existing ID and password security solution, Beyond Identity's system completely eliminates insecure passwords and replaces them with asymmetric cryptography.
Systems like Apple Face ID and Microsoft Hello still rely on an underlying password and so are vulnerable if that falls into the wrong hands. Beyond's system uses very small piece of authentication code that binds your biometric identity to your device.
"We actually removed that password from your system," says Beyond's co-founder Tom 'TJ' Jermoluk. "Every device that you have from your laptop to your desktop has that private key advantage. It's strong and it's only you that can activate that, there's no backup password there's no back door and if you don't have that no one can get at it."
The clever bit is that this is using a technology that is already deployed within TLS (formerly SSL and indicated by the lock in the browser window). With certificate management built-in, this proven, secure and scalable approach eliminates passwords, stops account takeovers and ransomware attacks, and also removes login friction for end users.
Because it's using industry standard public key policy it offers that same security level with no danger of passwords being shared around as there's nothing to share any more. There's no piece of information that ever leaves the user's computer that will identify them.
Jermoluk is confident that this could be the beginning of the end for the password. "I will promise that within five years you will not be using passwords for any of your systems for any commercial applications or consumer applications. The awareness of the problem is now sky high because of the acceleration of all these vaccine ransomware attacks."
You can find out more on the Beyond Identity site.