New identity platform kills the password and ushers in ‘frictionless’ user experience, says ForgeRock
ForgeRock®, has released a new edition of the ForgeRock Identity Platform to enable organisations to orchestrate secure, frictionless user experiences using push authentication.
The ForgeRock Identity Platform is said to be the industry’s first end-to-end open source identity management solution to support passwordless login and frictionless second factor authentication capabilities for continuous security.
With billions of Internet of Things (IoT) devices and services coming online – Gartner, Inc. forecasts that 20.8 billion connected things will be in use worldwide by 2020 – the conventional login-and-password approach to authenticating users and authorising access to data and services will no longer be workable.
In fact, Forrester expects that with computing processing power increasing dramatically, even passwords 14 to 20 characters long will be readily crackable and largely ineffective for protecting high-value, high-risk assets and transactions by 20192. The ForgeRock Identity Platform is designed for this challenging new environment.
Where other identity management products offer passwordless login at the beginning of a session, the ForgeRock Identity Platform invokes passwordless, second factor authentication any time during a session, should an anomaly occur.
For instance, if your laptop switches from a secure company wifi network to an unsecure network in a coffee shop, re-authentication would be invoked via a required response to a push notification sent to your phone – through a biometric TouchID, a swipe or other action – in order to maintain access to an online service.
This kind of continuous security without passwords is essential for a frictionless customer experience in any number of business cases – from securing the smart car and smart home applications, to healthcare devices, wearables, mobile banking and industrial IoT situations where ease of use and the highest level of access security are essential.
“User frustration is a real concern with two-factor authentication, and a significant barrier for organisations working to create the kind of secure, seamless online user experiences that we’ve all come to expect online,” said ForgeRock CEO, Mike Ellis. “With passwordless authentication now available through the ForgeRock Identity Platform, our customers can create highly secure, frictionless user experiences that will delight and engage end users, while keeping the growing number of IoT devices and data out of the wrong hands.”
Passwordless authentication not only improves the user experience, but can also increase the level of security organisations can provide to their customers while reducing cost and administrative workload.
In a typical ForgeRock implementation, the first authentication step happens via the Internet. The second method is ideally completed over a separate network (out of band), which is what happens with push notifications that travel over the Apple (APNs) or Google (GCM) dedicated notification networks.
These steps make it more difficult for potential cybercriminals, who would need to hack into both an individual’s laptop and mobile device to gain access to user data. Additionally, using push notifications provided through an authenticated mobile app is often dramatically less expensive than conventional token-based approaches, which are notorious for hidden costs associated with deploying hardware and software, token licenses, maintenance and help desk costs.
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow