Nametag patents method for solving user lockouts during MFA resets

Resetting a password for an account with multi-factor authentication (MFA) enabled can often lead to challenges that sometimes require users to seek assistance from customer support and undergo identity verification.

Nametag has introduced a potential solution by allowing users to securely enroll new MFA devices using a government-issued ID and a selfie photo. This enhancement in the MFA reset process addresses a crucial vulnerability frequently exploited by malicious actors, which could result in account takeovers and data breaches.

The U.S. patent office has granted Nametag patent 11949787 for “Systems and Methods for Linking an Authentication Account to a Device.” This patented solution is described as a self-service option for MFA and password resets.

“Our technology enables seamless MFA rebinding that reduces cost and risk for our customers while saving people time and frustration. We congratulate our team on this patent and for bringing this technology to the industry to help improve outcomes in both security and user experience,” says Aaron Painter, CEO of Nametag.

Within the system, there exists an authentication central server responsible for maintaining and managing authentication profiles. These profiles include a profile image, date of birth, and authentication data, such as passwords and biometric information.

The authentication server initiates a secure session with an authentication service on the user’s client device, such as a smartphone or computer. During this session, the authentication server receives a request from the client device, containing the device key, date of birth, and biometric image.

Upon receiving the request, the authentication server searches its database of authentication profiles to identify those with matching dates of birth. Additionally, it extracts biometric features from the provided image.

If the biometric features match, the authentication server associates the device key of the client device with the user’s authentication profile in its database.

The system requests an identification document, such as a driver’s license or passport, to further improve the security and precision of the authentication process.

The authentication server extracts the user’s date of birth and facial data from the ID and then compares the biometric image to ensure that the individual in the live capture matches the person in the identification document.

“This technology marks an important milestone in multi-factor authentication,” Painter adds.

Article Topics

biometrics  |  identity verification  |  multifactor authentication  |  NameTag  |  patents  |  selfie biometrics