First-of-its kind partnership unlocks massive market opportunity for reusable identity with Badge's award winning privacy-preserving and phishing-resistant authentication

SAN FRANCISCO, July 11, 2024 /PRNewswire/ -- Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today announced a partnership with Cisco Duo to revolutionize Multifactor Authentication (MFA) with the industry's first hardware-independent roaming MFA solution. With this unique integration, Duo and Badge are setting new standards for what's possible in secure, efficient, and user-friendly identity and authentication solutions.

Badge - Identity without Secrets™ (PRNewsfoto/Badge)

Cisco Duo's blog post announcing the new Badge and Duo integration says, "Badge helps Duo strengthen its security posture with a seamless MFA experience that's both portable and resistant to phishing, while also enabling a truly passwordless user experience." The piece explains that MFA is an important security tool to combat unauthorized account access, however, it is not infallible. Traditional hardware-based MFA is high friction, can disrupt operations, and the resulting employee workarounds significantly increase the attack surface for security breaches.

Additionally, the two-factor authentication (2FA) market is becoming increasingly commoditized with the service now being included in popular applications from large technology providers. In the last year, 16 billion authentications passed through Cisco's Duo Authenticator product, the vast majority of which are virtual and remote desktop authentications requiring users to be in possession of a second device, which is not always available or allowed depending on the environment. This has created a large, unsolved market need that Badge is uniquely positioned to address. As Ginger Leishman, Cisco Duo Technology Partnerships Manager, explained: "This reliance on specific hardware, called device dependency, is a pain for user experience and impacts security when users are forced into fallback authentication flows. With Badge, the device dependency is gone — people are their own roots of trust, rather than just a device or token."

Badge enables Cisco Duo to unlock new identity and authentication use cases while reducing friction and enabling seamless, passwordless enrollment using verifiable credentials (VCs). Badge leverages the initial identity verification (IDV) enrollment, and from there the user can authenticate to access this credential anywhere, anytime, on any device. There is no need for repeat IDVs throughout the user lifetime journey, which reduces user frustration and increases cost-effectiveness for Cisco Duo.

"With Badge's novel privacy-preserving authentication, Cisco Duo users can access any device or application without storing user secrets or private keys," stated Dr. Tina P Srivastava, Co-Founder of Badge. "This eliminates the friction and cost burdens associated with traditional MFA methods like tokens and repeated phone re-registration. Additionally, by removing reliance on physical devices and insecure account recovery processes, Badge and Duo are raising the bar, making it harder for attackers to gain unauthorized access."

As Cisco Duo posted in their blog, when users are in device-not-present situations, like when a mobile phone required for an MFA push is lost, broken, or unavailable, the fallback is usually a phishable, high-friction account recovery process. Not only is this bad for the user experience, but it's bad for security too – as account recovery is increasingly becoming the front door for attackers and phishing. Recent high-profile attacks in healthcare and entertainment demonstrate this growing threat. In the piece, "Badge Integration with Cisco Duo Delivers Unique Hardware-less MFA Experience," Cisco Duo's blog points out that Badge eliminates disruptions and the need for account recovery, significantly reducing the risk of fraud.

"Duo can also operate as a certified passkey provider leveraging Badge, extending the password-less capabilities of Duo," said Ginger Leishman, Technology Partnerships Manager, Cisco Duo. "Unlike other passkey models, the Badge integration with Duo does not require users to cede trust of their key trees or login credentials to a centralized authority."

She also expanded on how Duo users leveraging the Badge passkey implementation benefit from a trust model where users can establish key provenance and maintain control over their authentication keys, enhancing security and privacy. With Badge, users enroll once, and may access their passkeys on any device (including across Apple, Microsoft and Google ecosystems).

With today's announcement, Cisco becomes the latest member of Badge's partner network, which also includes marquee identity partners, Okta/Auth0, Radiant Logic and Ping Identity.

About Badge
Badge enables privacy-preserving authentication to every application, on any device, without storing user secrets or PII. Badge's patented technology allows users to derive private keys on the fly using their biometrics and factors of choice without the need for hardware tokens or secrets. Badge uniquely enables cross-domain, decentralized, digital identity. Badge was founded by field-tested cryptography PhDs from MIT and is venture-backed by tier 1 investors. Customers and partners include top Fortune companies across healthcare, banking, retail, and services. Learn more at www.badgeinc.com. 

Media Contact: 
Frances Bigley
badge@finnpartners.com 

Cision View original content to download multimedia:https://www.prnewswire.com/news-releases/cisco-duo-taps-badge-to-strengthen-its-security-posture-and-enable-frictionless-mfa-not-bound-to-a-device-302194493.html

SOURCE Badge

Copyright 2024 PR Newswire