Identities are best-sellers on the dark web, with health and finance data being among the most valuable because of their lack of traceability and outdated approaches to protecting them that often include hackable device-dependent MFA techniques. Current approaches that force device authentication are falling short of the challenge.
When authentication methods rely on devices alone as trust anchors, they’re leaving widening gaps that attackers continue improving their tradecraft to exploit. Relying on specific devices to authenticate access also introduces greater friction that every user has to experience to get their work done. Attackers are using authentication fatigue techniques combined with phishing and adversary-in-the-middle (AITM) attacks, all aimed at hijacking a device recovery process.
“When we founded Badge, our mission was to solve one of the hardest problems in authentication by moving the trust anchor for digital identities to the human instead of relying on a hardware device that can be lost or stolen,” Tina Srivastava, co-founder of Badge, told VentureBeat during a recent interview.
“We eliminate the secrets in the authentication process. Both the human identity, like biometrics, and the private key are completely eliminated with Badge,” Srivastava continued.
Hardware-dependent MFA: A compelling attack target
Cybercrime gangs, syndicates and nation-state attackers continue growing their arsenal of SIM swapping, AITM and living off the land (LOTL) attack techniques and technologies. The result: the world’s most at-risk industries, including healthcare, manufacturing, financial services, fintech and others, are increasingly vulnerable to identity-based attacks.
“Adversaries continue to maximize the use of stolen identities and attempt to minimize defenders’ network visibility by ‘living off the land’ and therefore reducing potential indicators or alerts on the endpoint, which the adversary knows is heavily scrutinized. This tactic hinders threat hunters’ ability to differentiate adversary activity from typical user and system administrator activity,” writes CrowdStrike in their recently released 2024 Threat Hunting Report.
Healthcare is under siege in 2024. Making matters worse, MFA is sporadically implemented across the industry, and device-dependent approaches to MFA are becoming easier for criminal gangs and nation-state attackers to break. “Multifactor authentication (MFA) can provide a robust line of defense, but it is often implemented unevenly, and successful attacks on MFA implementations are on the rise,” according to Gartner in their recent report, Mitigate Account Takeover Risks.
A recent study of the Health and Human Services (HHS) Breach Portal finds that more than 45 million patient records have been compromised in 2024 year-to-date. Healthcare providers, including hospitals, clinics and treatment centers, have experienced 365 breaches this year alone, 86% of which started with an IT-based attack on networks.
The need for device-independent MFA
“With Badge, the device dependency is gone — people are their own roots of trust rather than just a device or token,” Srivastava says. She explained that this approach not only strengthens identity-based security, it also improves user experiences by eliminating the need for fallback authentication processes, which attackers often target.
Badge’s device-independent MFA allows users to enroll once on any device and authenticate seamlessly across all their devices without hardware tokens or stored biometrics. Source: Badge Inc
Since the company’s founding, she and her team have moved quickly in the healthcare, finance and manufacturing industries to close the growing gaps their customers were seeing with hardware-dependent authentication methods. Badge is seeing steady adoption in healthcare and finance, where businesses want to have their front-line workers enroll once and then authenticate on any workstation or device without needing to register again.
Badge’s impact and partnerships
Badge is attracting a growing base of partners based on their ability to deliver device-independent MFA at scale across enterprises. Partnerships and integrations include Microsoft, Okta, PingIdentity, Radiant Logic, ForgeRock, and, most recently, Cisco Duo, who sought out Badge for a partnership.
“Badge not only streamlines access across applications and devices but crucially reduces the risk of phishing attacks or credential exposure, making it an indispensable tool for maintaining the integrity of secure environments. Badge is excited to partner with Cisco Duo to bring this important security and user experience benefit to Duo users,” Srivastava told VentureBeat.
Srivastava says the integration with Cisco Duo unlocks new identity and authentication use cases while reducing friction and enabling seamless passwordless enrollment using verifiable credentials (VCs).
In a recent blog post announcing the partnership, Kyle Kilcoyne, global head of partnerships and technology at Badge, and Ginger Leishman, technology partnerships manager at Cisco, wrote, “Badge offers a cost-saving solution to help reduce friction and enable seamless, passwordless enrollment using verified credentials (VCs). Badge leverages the initial Identity Verification (IDV) enrollment, and from there the user can authenticate to access this credential anywhere, anytime, on any device. No need for repeat IDVs throughout the user’s lifetime journey. This saves money and user frustration.”
Cisco’s post continues, saying that “in addition to simplifying the enrollment process, Duo can also operate as a certified passkey provider leveraging Badge, extending the passwordless capabilities of Duo.”
Badge’s vision for the future
“We see Badge as being the foundation of the identity backplane of the internet. It will be the way that every person authenticates to every application in the world,” Srivastava predicts.
Integration is essential to Badge’s growth. It’s an area Srivastava and her team have continued to focus on, seeing it as key to their ability to scale quickly across enterprises. “Badge can plug and play with open standards like OIDC. So if a company has Okta, Ping, Microsoft Azure AD, or similar systems deployed, Badge can integrate with open standards,” Srivastava said.
Seeing integration as table stakes for growing at scale has been a priority since the company was founded. Today, the company has zero-code integration in place supporting OAuth2, OpenID Connect, SAML and FIDO standards.
Srivastava notes that CISOs continue to contact the company, offering their expertise and guidance to the fast-growing startup. In response, Badge created a CISO Council. “We’ve had many folks approaching us wanting to be part of it, wanting equity, and wanting to be part of the future vision of Badge. They also want to shape the industry and the thinking around identity and privacy,” Srivastava said.
“Jeremy Grant, former Senior Executive Advisor at the National Institute of Standards and Technology (NIST) who joined our CISO Council, is a huge proponent of PKI. He helped write the original legislation that led to PKI and CAC cards in the DOD. He has always cared about public key cryptography but has been fascinated by the usability challenges that Badge solves,” she said. When joining the Badge CISO Council, Jeremy Grant said, “As we look to advance more user-centric approaches to identity, Badge is a promising way to address core security and usability challenges and get to the next frontier.”
With identities under siege and attackers looking for new ways to defeat device-dependent MFA, Badge’s innovative approach to reducing user fatigue and risk while redefining trust anchors at scale is needed to better protect every business facing identity-driven cyberattacks.