HYPR partnership brings no-shared secret authentication to ForgeRock
The powerful integration will accelerate the adoption of the company’s technology, while also bringing a new level of defense against phishing and credential theft, HYPR Co-founder and CEO George Avetisov told Biometric Update in an interview. While the biometrics industry tends to associate its technology with security by default, what the company calls ‘True Passwordless Security’ depends on changes at the architectural level. Biometrics are frequently deployed to provide an improved user experience, while ultimately being linked to ‘shared secrets,’ as in a one-time password (OTP) system.
“A lot of companies really just link their Touch ID or Face ID with a password,” Avetisov points out. “Biometrics kind of opened up everyone’s imagination, but it wasn’t until authentication standards like FIDO took off that people really realized that you can combine these biometric user experiences with a passwordless architecture to actually solve the problem of credential reuse and phishing.”
“Our customers that prioritize user experience, whether for their workforce or their customers understand that traditional authentication modalities are broken,” said ForgeRock Senior Vice President of Global Business and Corporate Development Ben Goodman in the company announcement. “Together with HYPR, ForgeRock’s Intelligent Authentication technology can ensure that the end-user gets the best possible authentication method at any time, in any channel.”
The difference in HYPR’s back-end approach to authentication is its use of public key cryptography, which Avetisov refers to as “the secret sauce, PKC at the core of what HYPR does.”
ForgeRock has partnered with numerous companies, linking them together and offering them through its ForgeRock Marketplace. Behavioral biometrics companies BioCatch and SecuredTouch were added to the ForgeRock network of technologies in April. That rapidly expanding network also conveys a general benefit to all the companies in the ecosystem, according to Avetisov.
“The barrier to integration gets lower and lower as these partner networks grow,” he explains.
HYPR was aware that many of its customers, many of whom are Global 2000 companies, already used ForgeRock to connect the various pieces of their identity management system. Avetisov says with ForgeRock’s industry-leading capabilities for connecting technologies it will now be easier for big and complex enterprise ecosystems to adopt passwordless identity. The integration goes far beyond mutual support, however.
“When we talk about deeper integration, we don’t just mean it works with your ForgeRock build. We want this thing to work out of the box,” Avetisov emphasizes. “We want HYPR to be not just a plug-in that you can deploy, but one that you can deploy within complex applications, and that took a little more effort to actually make this deep integration. Some of HYPR employees are people who have been developing for ForgeRock since before it was called ForgeRock, back in the OpenAM era. Having that talent on our team enabled us to build this deep integration in addition to the go-to-market strategy that we’ve been sharing with them.”
Avetisov lauds ForgeRock’s innovation, and also the effort it put into building a robust integration. These qualities have given the platform a breadth and depth of adoption which is not generally recognized.
“I think ForgeRock as a technology tends to fly under the radar,” Avetisov posits.
For the biometrics industry, the introduction of easy passwordless architecture from HYPR to a critical mass of enterprises via the ForgeRock platform means an opportunity to leverage biometrics for true security, not just productivity and convenience, Avetisov says.
“Biometrics have certainly improved productivity and convenience. We need to start looking at it from a security standpoint. And I’m not talking about false rejection rates and FAR. Let’s be real: the customer doesn’t want to hear about how this one in fifty-thousand FAR rate is better than the other one.”
The role of biometrics in enterprise security is as a powerful component in a holistic approach, Avetisov argues.
The ForgeRock ecosystem supports that approach, and Avetisov says it is an ideal partner for HYPR’s password-free authentication technology. “ForgeRock has made an emphasis that we haven’t seen other make when it comes to passwordless and when it comes to this partnership network that they have.”
The next stage of HYPR’s growth will be driven by adoption in verticals other than banking and financial services, Avetisov believes, in particular health care, and with ForgeRock’s near-ubiquity across numerous verticals, the new partnership brings the company to many of those potential customers.
He anticipates many of them will say: “I’m going in this direction anyway, I’m a ForgeRock customer. Now I can do it with the push of a button.”