Biometric data obtained from selfies, forged passports and cyberattacks on data stores holding everything from fingerprints to DNA have long been best-sellers on the dark web.
Untraceable yet very powerful in allowing attackers to access the most valuable information a victim has, attackers are racing to fine-tune their tradecraft, producing synthetic ID fraud for more sophisticated attacks.
Current approaches to protecting biometric data are falling short, however.
C-level executives are the primary targets for biometric and deep fake attacks because they are four times more likely to be victims of phishing than other employees, according to Ivanti's State of Security Preparedness 2023 Report.
In response to the increasing need for better biometric security globally, Badge Inc. recently announced the availability of its patented authentication technology that renders personal identity information and biometric credential storage obsolete.
Badge also announced an alliance with Okta, the latest in a series of partnerships aimed at strengthening Identity and Access Management for their shared enterprise customers.
Srivastava explained how her company's approach to biometrics eliminates the need for passwords, device redirects, and knowledge-based authentication.
Badge supports an enroll once and authenticate on any device workflow that scales across an enterprise's many threat surfaces and devices.
Srivastava says her company's unique approach to biometric authentication can prove that the same human who registered is the same human who's authenticating to use a given resource or device.
What makes Badge's approach noteworthy is how it enforces the foundational elements of zero trust while protecting PII, including all forms of biometric data, from attacks.
Core to the platform is privacy-preserving authentication to every application on any device without storing user secrets or PII. Badge's patented technology allows users to derive private keys on the fly using their biometrics and factors of choice without the need for hardware tokens or secrets.
Today, Badge has customers across a broad spectrum of industries, including banking, healthcare, retail, and services.
Srivastava explained how Badge's technology is core to zero trust during a recent interview with VentureBeat.
She explained how Badge minimizes data access by not storing user secrets or personally identifiable information, reducing potential breach impact it supports and strengthens least privilege access.
What's also apparent from the approach Badge is taking to biometric security is how strong its potential is for strengthening multi-factor authentication.
Srivastava explains that users can authenticate using unique factors, including biometrics, without hardware tokens or secrets.
Badge is also scaling out into enterprises with its partnerships, further adding value to zero-trust frameworks.
Their recent announcements with Okta and Auth0 further validate Badge's growing importance as part of broader IAM platforms and tech stacks.
Srivastava also told VentureBeat Badge operates on a cryptographically zero-knowledge basis, not trusting any party with sensitive data, and offers quantum resistance for future-proof security.
That positions Badge's technology as a solid contributor to any organization's zero-trust architecture.
This Cyber News was published on venturebeat.com. Publication date: Sat, 27 Jan 2024 00:13:04 +0000