FB pixel

No secrets or stored credentials with Badge’s new authentication system

MIT cryptographers release device- and token-free tool to reduce risk of data breaches
No secrets or stored credentials with Badge’s new authentication system
 

Badge Inc., a digital privacy firm founded by MIT cryptographers, is celebrating the launch of its patented authentication software, which allows users to enroll once and authenticate across devices thereafter without re-registration. According to a press release, the biometric public key system is easily integrated with leading digital identity providers, and eliminates the risk of centrally stored personal identity information and biometric data being exposed to breaches, thus rendering passwords, knowledge-based authentication (KBA) and biometric credential storage obsolete.

“The problem of storing credentials has vexed the security community for decades,” says Ray Rothrock, Badge advisor, venture capitalist and former CEO of Red Seal. According to Badge, by doing away with stored credentials the system eliminates the target of 49 percent of all data breaches. “The pervasive concern of PII being in the open and unprotected is over,” says Rothrock. “Badge enables identity without secrets.”

The product does so by letting users derive private keys on the fly using their biometrics and factors of choice, without having to rely on hardware tokens or secrets. It also dodges the problem of on-device authentication that locks users to a specific device that can be lost or rendered inoperable, leading to cumbersome account recovery processes. Per the release, users enroll once then “seamlessly authenticate across any device using authentication factors that are unique and inherent to them, including biometric factors such as fingerprint or face. These biometric factors can be combined with other factors such as passive attributes, attestation signals, PINs, etc.,” for an MFA method that does not rely on a specific device or token.

“You are your token”

Tina P. Srivastava, co-founder of Badge and an MIT aerospace PhD, says Badge’s core mission is to move the trust-anchor for digital identities to the human instead of hardware. “After losing my own identity in a breach,” says Srivastava, “we went back to the fundamentals. We relied on math to solve the problem and used cryptography to build a user-centric solution that makes people their own roots of trust, rather than their device or token. With Badge, you are your token.”

Badge says enterprise security teams should look to its offering for a cost-effective and simple  credential and identity management tool that mitigates downstream costs caused by ransomware attacks or legal consequences from biometric or personal data breaches.

Available on Okta and Auth0 marketplaces

Badge has partnered with identity-for-enterprise firm Okta for one of its first teamings, making its technology available to customers of both Okta and Auth0 Marketplaces through an integration with Auth0. A release says the Badge integration activates its patented enroll-once, authenticate-anywhere technology, allowing users to authenticate with MFA on any device with their preferred biometrics and factors.

“Badge is revolutionizing privacy for consumers so that enterprises can safely move to a future without the liability of storing user biometric templates, PINs, or secrets,” says Charles Herder, another of Badge’s co-founding MIT cryptography PhDs. “Our partnership with the Okta and Auth0 teams is in line with our commitment to integrate our patented and award-winning technology seamlessly with partners using open standards to extend privacy-preserving authentication to the masses.”

Badge is available now as licensed on-prem software or an annual SaaS subscription. For partners, it provides zero-code integration into IAM workflows using standard protocols, including OAuth 2.0, OIDC, SAML, FIDO, TLS, Kerberos, and others.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events