Nok Nok adds strong account recovery to S3 Suite with Jumio partnership
Nok Nok Labs has integrated multiple ID proofing methods for account recovery in the newest version of its S3 Authentication Suite, to address a remaining weakness common to account security by augmenting strong authentication with strong account recovery. Account recovery methods integrated in the new version of the Nok Nok S3 Suite include Email-OTP, SMS-OTP, and Selfie + Picture ID Validation, which Nok Nok Labs Senior Director of Products and Technology Rolf Lindemann told Biometric Update in an interview is provided by Jumio.
The announcement cites a Gigya survey (PDF) which shows that 84 percent of people had reset a password at least once in the past year, and Lindemann says Nok Nok’s internal research indicates that the number of people using the S3 Suite who lose their authenticator is between 3 and 5 percent per year. Despite this substantial reduction, account recovery events have remained a relative weak point in account security, because they traditionally rely on either the security of other elements, such as registered devices or email accounts, or require users to repeat cumbersome processes used for account opening.
The new account recovery features can be combined with each other, or with customers' existing methods, and various recovery methods can be implemented with policy flexibility for different regions or account types.
“What we essentially provide is a platform for our customers to integrate once with a single API to do all the authentication and account recovery identity proofing stuff,” Lindemann says. “We initially integrated three account recovery methods, SMS OTP, email OTP, and Jumio as an ID proofing provider, and we provide an open API for our customers to integrate their existing methods if they want, and for us also to have the ability to add more providers in the future.”
He says other identity schemes, including biometric schemes like South Africa’s National Identification System, which the government announced would add face and iris biometrics earlier this year, could potentially also be integrated for ID proofing.
Lindemann says that there is no single method for account recovery which is a magic bullet, and because heavily regulated industries will have different national or regional requirements, Nok Nok’s strategy is to start with a flexible platform for strong account recovery that works well. He also observes that breaches involving Social Security Numbers have changed the way identity is viewed in the U.S. market.
“Now there is a shift towards a more dynamic method,” he notes, “where maybe you have to show your face from different angles. So now we have a platform where we can integrate the different solutions which have evolved in different parts of the world and have been approved by regulators, as opposed to redeveloping and reapproving those methods, we integrate with existing providers, and give a single platform with a single API which is the same to make it easier for our customers to support the different methods used in different parts of the world.”
The new version of the S3 Suite is expected to become available in December.
The Nok Nok S3 Authentication Suite was certified for the FIDO2 protocol in September.