FB pixel

No secrets or stored credentials with Badge’s new authentication system

MIT cryptographers release device- and token-free tool to reduce risk of data breaches
No secrets or stored credentials with Badge’s new authentication system
 

Badge Inc., a digital privacy firm founded by MIT cryptographers, is celebrating the launch of its patented authentication software, which allows users to enroll once and authenticate across devices thereafter without re-registration. According to a press release, the biometric public key system is easily integrated with leading digital identity providers, and eliminates the risk of centrally stored personal identity information and biometric data being exposed to breaches, thus rendering passwords, knowledge-based authentication (KBA) and biometric credential storage obsolete.

“The problem of storing credentials has vexed the security community for decades,” says Ray Rothrock, Badge advisor, venture capitalist and former CEO of Red Seal. According to Badge, by doing away with stored credentials the system eliminates the target of 49 percent of all data breaches. “The pervasive concern of PII being in the open and unprotected is over,” says Rothrock. “Badge enables identity without secrets.”

The product does so by letting users derive private keys on the fly using their biometrics and factors of choice, without having to rely on hardware tokens or secrets. It also dodges the problem of on-device authentication that locks users to a specific device that can be lost or rendered inoperable, leading to cumbersome account recovery processes. Per the release, users enroll once then “seamlessly authenticate across any device using authentication factors that are unique and inherent to them, including biometric factors such as fingerprint or face. These biometric factors can be combined with other factors such as passive attributes, attestation signals, PINs, etc.,” for an MFA method that does not rely on a specific device or token.

“You are your token”

Tina P. Srivastava, co-founder of Badge and an MIT aerospace PhD, says Badge’s core mission is to move the trust-anchor for digital identities to the human instead of hardware. “After losing my own identity in a breach,” says Srivastava, “we went back to the fundamentals. We relied on math to solve the problem and used cryptography to build a user-centric solution that makes people their own roots of trust, rather than their device or token. With Badge, you are your token.”

Badge says enterprise security teams should look to its offering for a cost-effective and simple  credential and identity management tool that mitigates downstream costs caused by ransomware attacks or legal consequences from biometric or personal data breaches.

Available on Okta and Auth0 marketplaces

Badge has partnered with identity-for-enterprise firm Okta for one of its first teamings, making its technology available to customers of both Okta and Auth0 Marketplaces through an integration with Auth0. A release says the Badge integration activates its patented enroll-once, authenticate-anywhere technology, allowing users to authenticate with MFA on any device with their preferred biometrics and factors.

“Badge is revolutionizing privacy for consumers so that enterprises can safely move to a future without the liability of storing user biometric templates, PINs, or secrets,” says Charles Herder, another of Badge’s co-founding MIT cryptography PhDs. “Our partnership with the Okta and Auth0 teams is in line with our commitment to integrate our patented and award-winning technology seamlessly with partners using open standards to extend privacy-preserving authentication to the masses.”

Badge is available now as licensed on-prem software or an annual SaaS subscription. For partners, it provides zero-code integration into IAM workflows using standard protocols, including OAuth 2.0, OIDC, SAML, FIDO, TLS, Kerberos, and others.

Article Topics

 |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics deployments expand protection against fraud and lying about your age

Biometrics are protecting against false claims of all sorts in several of the most-read articles of the past week on…

 

UN says law enforcement should not use biometrics to surveil protestors

Law enforcement agencies should not use biometric technology to categorize, profile or remotely identify individuals during protests, the United Nations…

 

How to explain the EUDI Wallet? Industry and citizens discuss Europe’s digital ID

The European Digital Identity (EUDI) Wallet is well on its way towards becoming a reality. To explain the major impact…

 

Decentralize face authentication for control, stronger protection: Youverse

The implementation method of biometric face authentication has become increasingly important in recent years due to the limitations of traditional…

 

Researchers develop display screens with biometric sensor capabilities

Traditional display screens like those built into smartphones require extra sensors for touch control, ambient light, and fingerprint sensing. These…

 

Meta, porn industry and Kansas governor weigh in on age verification

As Europe mulls how to restrict access to certain content for minors, Meta offers its own solution. Meanwhile, U.S. states…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events