Badge’s device-independent MFA is revolutionizing identity security

Identities are best-sellers on the dark web, with health and finance data being among the most valuable due to their lack of traceability and outdated approaches to protecting them that often include hackable device-dependent MFA methods. Current approaches that force device authentication are falling short of the challenge.

When authentication methods rely on devices alone as trust anchors, they’re leaving widening gaps that attackers continue improving their tradecraft to exploit. Relying on specific devices to authenticate access also introduces greater friction that every user has to experience to get their work done. Attackers are using authentication fatigue techniques combined with phishing and adversary-in-the-middle (AITM) attacks, all aimed at hijacking a device recovery process.

“When we founded Badge, our mission was to solve one of the hardest problems in authentication by moving the trust anchor for digital identities to the human instead of relying on a hardware device that can be lost or stolen,” Tina Srivastava, co-founder of Badge, told VentureBeat during a recent interview.

“We eliminate the secrets in the authentication process. Both the human identity, like biometrics, and the private key are completely eliminated with Badge,” Srivastava continued.

Hardware-dependent MFA: A compelling attack target

Cybercrime gangs, syndicates and nation-state attackers continue growing their arsenal of SIM swapping, AITM and living off the land (LOTL) attack techniques and technologies. The result: the world’s most at-risk industries, including healthcare, manufacturing, financial services, fintech and others, are increasingly vulnerable to identity-based attacks.

“Adversaries continue to maximize the use of stolen identities and attempt to minimize defenders’ network visibility by ‘living off the land’ and therefore reducing potential indicators or alerts on the endpoint, which the adversary knows is heavily scrutinized. This tactic hinders threat hunters’ ability to differentiate adversary activity from typical user and system administrator activity,” writes CrowdStrike in their recently released 2024 Threat Hunting Report.

Healthcare is under siege in 2024. Making matters worse, MFA is sporadically implemented across the industry, and device-dependent approaches to MFA are becoming easier for criminal gangs and nation-state attackers to break. “Multifactor authentication (MFA) can provide a robust line of defense, but it is often implemented unevenly, and successful attacks on MFA implementations are on the rise,” according to Gartner in their recent report, How to Mitigate Account Takeover Risks.

A recent study of the Health and Human Services (HHS) Breach Portal finds that more than 45 million patient records have been compromised in 2024 year-to-date. Healthcare providers, including hospitals, clinics and treatment centers, have experienced 365 breaches this year alone, 86% of which started with an IT-based attack on networks.

The need for device-independent MFA

“With Badge, the device dependency is gone — people are their own roots of trust rather than just a device or token,” Srivastava says. She explained that this approach not only strengthens identity-based security, it also improves user experiences by eliminating the need for fallback authentication processes, which attackers often target.

Badge’s device-independent MFA allows users to enroll once on any device and authenticate seamlessly across all their devices without hardware tokens or stored biometrics. Source: Badge Inc

Since the company’s founding, she and her team have moved quickly in the healthcare, finance and manufacturing industries to close the growing gaps their customers were seeing with hardware-dependent authentication methods. Badge is seeing steady adoption in healthcare and finance, where companies want to have their front-line employees enroll once and then authenticate on any workstation or device without needing to register again.

Badge’s impact and partnerships

Badge is attracting a growing base of partners based on their ability to deliver device-independent MFA at scale across enterprises. Partnerships and integrations include Microsoft, Okta, PingIdentity, Radiant Logic, ForgeRock, and, most recently, Cisco Duo, who sought out Badge for a partnership.

“Badge not only streamlines access across applications and devices but crucially reduces the risk of phishing attacks or credential exposure, making it an indispensable tool for maintaining the integrity of secure environments. Badge is excited to partner with Cisco Duo to bring this important security and user experience benefit to Duo users,” Srivastava told VentureBeat.

Srivastava says the integration with Cisco Duo unlocks new identity and authentication use cases while reducing friction and enabling seamless passwordless enrollment using verifiable credentials (VCs).

In a recent blog post announcing the partnership, Kyle Kilcoyne, global head of partnerships and technology at Badge, and Ginger Leishman, technology partnerships manager at Cisco, wrote, “Badge offers a cost-saving solution to help reduce friction and enable seamless, passwordless enrollment using verified credentials (VCs). Badge leverages the initial Identity Verification (IDV) enrollment, and from there the user can authenticate to access this credential anywhere, anytime, on any device. No need for repeat IDVs throughout the user’s lifetime journey. This saves money and user frustration.”

Cisco’s post continues, saying that “in addition to simplifying the enrollment process, Duo can also operate as a certified passkey provider leveraging Badge, extending the passwordless capabilities of Duo.”

Badge’s vision for the future

“We see Badge as being the foundation of the identity backplane of the internet. It will be the way that every person authenticates to every application in the world,” Srivastava predicts.

Integration is key to Badge’s growth. It’s an area Srivastava and her team have continued to focus on, seeing it as key to their ability to scale quickly across enterprises. “Badge can plug and play with open standards like OIDC. So if a company has Okta, Ping, Microsoft Azure AD, or similar systems deployed, Badge can integrate with open standards,” Srivastava said.

Seeing integration as table stakes for growing at scale has been a priority since the company was founded. Today, the company has zero-code integration in place supporting OAuth2, OpenID Connect, SAML and FIDO standards.

Srivastava notes that CISOs continue to contact the company, offering their expertise and guidance to the fast-growing startup. In response, Badge created a CISO Council. “We’ve had many folks approaching us wanting to be part of it, wanting equity, and wanting to be part of the future vision of Badge. They also want to shape the industry and the thinking around identity and privacy,” Srivastava said.

“Jeremy Grant, former Senior Executive Advisor at the National Institute of Standards and Technology (NIST) who joined our CISO Council, is a huge proponent of PKI. He helped write the original legislation that led to PKI and CAC cards in the DOD. He has always cared about public key cryptography but has been fascinated by the usability challenges that Badge solves,” she said. When joining the Badge CISO Council, Jeremy Grant said, “As we look to advance more user-centric approaches to identity, Badge is a promising way to address core security and usability challenges and get to the next frontier.”

With identities under siege and attackers looking for new ways to defeat device-dependent MFA, Badge’s innovative approach to reducing user fatigue and risk while redefining trust anchors at scale is needed to better protect every enterprise facing identity-driven cyberattacks.
