First-of-its kind partnership unlocks massive
market opportunity for reusable identity with Badge's award winning
privacy-preserving and phishing-resistant authentication
SAN
FRANCISCO, July 11, 2024 /PRNewswire/ -- Badge Inc.,
the award-winning privacy company enabling Identity without
Secrets™, today announced a partnership with Cisco Duo to
revolutionize Multifactor Authentication (MFA) with the industry's
first hardware-independent roaming MFA solution. With this unique
integration, Duo and Badge are setting new standards for what's
possible in secure, efficient, and user-friendly identity and
authentication solutions.
Cisco Duo's blog post announcing the new Badge and Duo
integration says, "Badge helps Duo strengthen its security posture
with a seamless MFA experience that's both portable and resistant
to phishing, while also enabling a truly passwordless user
experience." The piece explains that MFA is an important security
tool to combat unauthorized account access, however, it is not
infallible. Traditional hardware-based MFA is high friction, can
disrupt operations, and the resulting employee workarounds
significantly increase the attack surface for security
breaches.
Additionally, the two-factor authentication (2FA) market is
becoming increasingly commoditized with the service now being
included in popular applications from large technology providers.
In the last year, 16 billion authentications passed through Cisco's
Duo Authenticator product, the vast majority of which are virtual
and remote desktop authentications requiring users to be in
possession of a second device, which is not always available or
allowed depending on the environment. This has created a large,
unsolved market need that Badge is uniquely positioned to address.
As Ginger Leishman, Cisco Duo
Technology Partnerships Manager, explained: "This reliance on
specific hardware, called device dependency, is a pain for user
experience and impacts security when users are forced into fallback
authentication flows. With Badge, the device dependency is gone —
people are their own roots of trust, rather than just a device or
token."
Badge enables Cisco Duo to unlock new identity and
authentication use cases while reducing friction and enabling
seamless, passwordless enrollment using verifiable credentials
(VCs). Badge leverages the initial identity verification (IDV)
enrollment, and from there the user can authenticate to access this
credential anywhere, anytime, on any device. There is no need for
repeat IDVs throughout the user lifetime journey, which reduces
user frustration and increases cost-effectiveness for Cisco
Duo.
"With Badge's novel privacy-preserving authentication, Cisco Duo
users can access any device or application without storing user
secrets or private keys," stated Dr. Tina P Srivastava, Co-Founder
of Badge. "This eliminates the friction and cost burdens associated
with traditional MFA methods like tokens and repeated phone
re-registration. Additionally, by removing reliance on physical
devices and insecure account recovery processes, Badge and Duo are
raising the bar, making it harder for attackers to gain
unauthorized access."
As Cisco Duo posted in their blog, when users are in
device-not-present situations, like when a mobile phone required
for an MFA push is lost, broken, or unavailable, the fallback is
usually a phishable, high-friction account recovery process. Not
only is this bad for the user experience, but it's bad for security
too – as account recovery is increasingly becoming the front door
for attackers and phishing. Recent high-profile attacks in
healthcare and entertainment demonstrate this growing threat. In
the piece, "Badge Integration with Cisco Duo Delivers Unique
Hardware-less MFA Experience," Cisco Duo's blog points out that
Badge eliminates disruptions and the need for account recovery,
significantly reducing the risk of fraud.
"Duo can also operate as a certified passkey provider leveraging
Badge, extending the password-less capabilities of Duo," said
Ginger Leishman, Technology
Partnerships Manager, Cisco Duo. "Unlike other passkey models,
the Badge integration with Duo does not require users to cede trust
of their key trees or login credentials to a centralized
authority."
She also expanded on how Duo users leveraging the Badge passkey
implementation benefit from a trust model where users can establish
key provenance and maintain control over their authentication keys,
enhancing security and privacy. With Badge, users enroll once, and
may access their passkeys on any device (including across Apple,
Microsoft and Google ecosystems).
With today's announcement, Cisco becomes the latest member of
Badge's partner network, which also includes marquee identity
partners, Okta/Auth0, Radiant Logic and Ping Identity.
About Badge
Badge enables privacy-preserving
authentication to every application, on any device, without storing
user secrets or PII. Badge's patented technology allows users to
derive private keys on the fly using their biometrics and factors
of choice without the need for hardware tokens or secrets. Badge
uniquely enables cross-domain, decentralized, digital
identity. Badge was founded by field-tested cryptography PhDs from
MIT and is venture-backed by tier 1
investors. Customers and partners include top Fortune companies
across healthcare, banking, retail, and services. Learn more
at www.badgeinc.com.
Media Contact:
Frances
Bigley
badge@finnpartners.com
View original content to download
multimedia:https://www.prnewswire.com/news-releases/cisco-duo-taps-badge-to-strengthen-its-security-posture-and-enable-frictionless-mfa-not-bound-to-a-device-302194493.html
SOURCE Badge